An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.
How to mitigate CVE-2020-35948
Time needed: 5 minutes.
Follow these instructions to mitigate the WordPress vulnerability reported in CVE-2020-35948.
- Install the latest version of WordPress
Navigate to the official WordPress website and download the latest version of WordPress. The latest version contains the CVE-2020-35948 fix.
- Perform a vulnerability assessment
Perform a scan on your WordPress environment(s), and check for vulnerabilities. Verify if CVE-2020-35948 has been mitigated.
- Utilize the references
The CVE-2020-35948 references have been provided for a reason. Utilize these references and make sure that you are correctly informed.
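For the vulnerability assessment step, the following check (an added example, not code from this advisory or from the XCloner project) reads the standard WordPress plugin header from each plugin's PHP files and flags any XCloner install whose version is below 4.2.13, the fixed release named in the description above. It assumes the plugin's header name contains "XCloner" and that the operator supplies the path to the plugins directory; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

FIXED = (4, 2, 13)  # per the advisory: versions before 4.2.13 are affected
# WordPress plugin headers are comment lines such as " * Version: 4.2.12"
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def read_plugin_header(php_file):
    """Parse 'Plugin Name' and 'Version' from the first 8 KiB of a plugin file."""
    text = Path(php_file).read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER_RE.findall(text)}

def parse_version(version):
    """Turn '4.2.12' (or '4.2', '4.2.13-beta') into a comparable 3-tuple."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def is_vulnerable(version):
    return parse_version(version) < FIXED

def scan_plugins(plugins_dir):
    """Return (file, version, vulnerable) for every XCloner plugin header found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php)
        name = header.get("plugin name", "")
        version = header.get("version")
        # Assumption: the plugin identifies itself with "XCloner" in its name.
        if "xcloner" in name.lower() and version:
            findings.append((str(php), version, is_vulnerable(version)))
    return findings

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_xcloner.py /path/to/wp-content/plugins")
    results = scan_plugins(sys.argv[1])
    for path, version, vulnerable in results:
        status = "VULNERABLE (< 4.2.13)" if vulnerable else "patched"
        print(f"{path}: XCloner {version} -> {status}")
    if not results:
        print("No XCloner plugin header found.")
    sys.exit(1 if any(v for _, _, v in results) else 0)
```

The script exits non-zero when an affected version is found, so it can gate a deployment or scheduled audit job.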