Critical Vulnerability in WordPress Plugin WP Clone Exposes 90,000 Sites to Potential Cyberattacks

December 20, 2023

WordPress, the platform driving more than 43% of all online sites, is a frequent target of cybercriminals. WP Clone, a popular plugin used by developers and site owners for backing up, migrating, or cloning WordPress sites, is now affected. A severe vulnerability, tracked as CVE-2023-6750, has been identified in all versions of WP Clone up to 2.4.2, affecting over 90,000 active installations.

The vulnerability, which carries a high-severity CVSS score of 9.8, exposes sensitive information and could allow unauthenticated attackers to download database backups made with the plugin. This could lead to a complete site takeover, transforming a convenience tool into a weapon against the site itself. The vulnerability was reported by researcher Dmitrii Ignatyev of CleanTalk Inc.

The WP Clone team is aware of the vulnerability and has released a patched version, 2.4.3. Upgrading to this version is critical to mitigate the risk and can be done from the WordPress dashboard. However, maintaining the security of a website is an ongoing process, and simply patching this vulnerability is not enough.
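To confirm that no install is still running an affected release, the sketch below reads the header of each plugin's PHP files and flags WP Clone copies older than 2.4.3. It is an added example, not code from the article or the WP Clone project; the folder names, file name and sample header text are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (2, 4, 3)  # first fixed release, per the article
# WordPress reads plugin metadata from a comment header near the top of the
# plugin's main PHP file; only the first 8 KB is inspected here.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def read_header(php_file):
    """Return the 'plugin name' and 'version' header fields, if present."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER.findall(head)}

def parse_version(text):
    """Turn '2.4.2' into (2, 4, 2), padding short versions with zeros."""
    parts = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(plugins_dir, name="WP Clone"):
    """List (folder, version, vulnerable) for each matching plugin found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        meta = read_header(php)
        if name.lower() in meta.get("plugin name", "").lower() and "version" in meta:
            vulnerable = parse_version(meta["version"]) < PATCHED
            findings.append((php.parent.name, meta["version"], vulnerable))
    return findings

def demo():
    """Run the audit over a constructed plugins directory with two fake installs."""
    with tempfile.TemporaryDirectory() as root:
        for folder, version in (("site-a-wp-clone", "2.4.2"), ("site-b-wp-clone", "2.4.3")):
            plugin_dir = Path(root, folder)
            plugin_dir.mkdir()
            # Constructed header text; the real plugin's header may differ.
            (plugin_dir / "plugin.php").write_text(
                f"<?php\n/*\n * Plugin Name: WP Clone by WP Academy\n * Version: {version}\n */\n"
            )
        return audit(root)

if __name__ == "__main__":
    for folder, version, vulnerable in demo():
        print(f"{folder}: {version} -> {'UPGRADE to 2.4.3' if vulnerable else 'ok'}")
```

Point `audit()` at a site's `wp-content/plugins` directory to use it on a real install.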

To further safeguard your WordPress site, it's recommended to regularly update all plugins and themes, use strong, unique passwords, and limit login attempts. Implementing two-factor authentication and regularly backing up your site can also provide additional layers of protection. Following these guidelines, in addition to keeping all software up-to-date, can significantly enhance the security of your WordPress site against potential cyberattacks.
