CVE-2023-6750: Critical WordPress Plugin Vulnerability Puts 90,000 Sites at Risk
WordPress powers over 43% of all websites, making it a prime target for cyberattacks. Fortunately, plugins like WP Clone offer a valuable line of defense, streamlining backups and migrations. But what if the tool meant to protect your site became a backdoor for attackers? That’s the chilling reality exposed by CVE-2023-6750, a critical vulnerability affecting WP Clone versions up to 2.4.2.
WP Clone offers a seamless solution for backing up, migrating, or cloning WordPress sites. With over 90,000 active installations, it’s a go-to plugin for developers and website owners.
Dubbed CVE-2023-6750, this critical flaw carries a CVSS score of 9.8, placing it in the high-severity category. The vulnerability resides in all versions of the WP Clone plugin up to and including 2.4.2, and it results in sensitive information exposure. Researcher Dmitrii Ignatyev of CleanTalk Inc. has been credited with reporting this flaw.
Unauthenticated attackers can exploit this flaw to download database backups made with the plugin. The potential outcome is complete site takeover, turning a tool of convenience into a weapon against the site itself.
The good news is that the WP Clone team is aware of the vulnerability and has released a patched version, 2.4.3. Upgrading is critical, and it’s as simple as clicking a few buttons in your WordPress dashboard. Please don’t delay, do it today!
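To find installations that still need the upgrade, the following added example (not code from the WP Clone project or from this article) walks a directory tree of WordPress sites and flags every WP Clone copy older than 2.4.3. It assumes the plugin's header comment carries a `Plugin Name` containing "WP Clone"; the function names and the root path passed on the command line are illustrative.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 4, 3)  # first patched release named in the article
# Matches "Plugin Name: ..." / "Version: ..." lines inside a plugin header comment.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)


def parse_version(text):
    """'2.4.2' -> (2, 4, 2); short versions are zero-padded, suffixes ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def read_header(php_file):
    """Return the first 'plugin name' and 'version' header fields of a PHP file."""
    head = php_file.read_text(errors="replace")[:8192]  # headers sit at the top of the file
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value)
    return fields


def audit(root, name_match="wp clone"):
    """Return sorted (path, version, vulnerable) tuples for matching plugins under root.

    name_match is an assumption about the plugin's header name, not a value from the article.
    """
    results = []
    for php in Path(root).glob("**/wp-content/plugins/*/*.php"):
        fields = read_header(php)
        if name_match in fields.get("plugin name", "").lower() and "version" in fields:
            version = fields["version"]
            results.append((str(php), version, parse_version(version) < FIXED))
    return sorted(results)


if __name__ == "__main__":
    findings = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, vulnerable in findings:
        status = "VULNERABLE (upgrade to 2.4.3 or later)" if vulnerable else "patched"
        print(f"{status}: {version} {path}")
    # Non-zero exit lets a scheduled job or CI step alert on unpatched copies.
    sys.exit(1 if any(v for _, _, v in findings) else 0)
```

Run it against the directory that holds your sites, for example from a scheduled job, and treat a non-zero exit status as an alert.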
Even with the patch, it’s important to remember that website security is an ongoing process. Here are some additional tips to keep your WordPress site safe:
- Use strong passwords and keep them updated.
- Keep WordPress core, plugins, and themes up-to-date.
- Regularly back up your website.
- Use a security plugin to scan for vulnerabilities.
Following these tips and keeping your software up-to-date can help keep your WordPress site safe from attackers.