CVE-2024-43298 – Clone <= 2.4.5 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-43298
The Clone plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpa_wpc_ajax_install_new() function in versions up to, and including, 2.4.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to install a backup plugin. • CWE-862: Missing Authorization •
CVE-2023-25486 – Clone <= 2.3.7 - Missing Authorization via wp_ajax_tifm_save_decision
https://notcve.org/view.php?id=CVE-2023-25486
The Clone plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_tifm_save_decision function in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the 'Test new plugins before installing' setting. • CWE-862: Missing Authorization •