CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43298 – WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43298
16 Aug 2024 — Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5. The Clone plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpa_wpc_ajax_install_new() function in versions up to, and including, 2.4.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to install a backup plugin. • https://patchstack.com/database/vulnerability/wp-clone-by-wp-academy/wordpress-clone-plugin-2-4-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25486 – WordPress Clone plugin <= 2.3.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-25486
08 Mar 2023 — Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7. The Clone plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_tifm_save_decision function in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the 'Test new plugins before instal... • https://patchstack.com/database/wordpress/plugin/wp-clone-by-wp-academy/vulnerability/wordpress-clone-plugin-2-3-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •