Clone Security Vulnerabilities

cve

CVE-2024-5942

The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access....

4.3CVSS

4.4AI Score

0.001EPSS

2024-06-29 05:15 AM

CVE-2023-38395

Missing Authorization vulnerability in Afzal Multani WP Clone Menu. This issue affects WP Clone Menu: from n/a through...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-12 10:15 AM

CVE-2024-33636

Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone. This issue affects WP Page Post Widget Clone: from n/a through...

5.4CVSS

6.8AI Score

0.0004EPSS

2024-04-29 09:15 AM

CVE-2024-2294

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only...

4.9CVSS

9.2AI Score

0.0004EPSS

2024-03-16 02:15 AM

CVE-2024-0842

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive...

7.5CVSS

7.5AI Score

0.0005EPSS

2024-02-09 05:15 AM

CVE-2024-0697

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to...

6.5CVSS

5.2AI Score

0.001EPSS

2024-01-27 05:15 AM

CVE-2023-6750

The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information, which is stored at a publicly accessible, statically defined file...

7.5CVSS

7.6AI Score

0.001EPSS

2024-01-08 07:15 PM

CVE-2023-3977

Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for...

4.3CVSS

4.7AI Score

0.001EPSS

2023-07-28 05:15 AM

CVE-2023-0958

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for authenticated attackers with...

6.5CVSS

6.4AI Score

EPSS

2023-07-28 05:15 AM

CVE-2009-2423

SQL injection vulnerability in category.php in Ebay Clone 2009 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter in a list...

8.6AI Score

0.001EPSS

2022-10-03 04:24 PM

CVE-2009-2424

Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode...

5.9AI Score

0.001EPSS

2022-10-03 04:24 PM

CVE-2009-4858

Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid...

5.9AI Score

0.001EPSS

2022-10-03 04:24 PM

CVE-2009-3504

SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id...

8.4AI Score

0.002EPSS

2022-10-03 04:23 PM

CVE-2018-9328

PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to...

6.1CVSS

6AI Score

0.001EPSS

2022-10-03 04:21 PM

CVE-2018-6878

Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description...

5.4CVSS

5AI Score

0.0005EPSS

2022-10-03 04:21 PM

CVE-2010-4997

SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product...

8.7AI Score

0.001EPSS

2022-10-03 04:21 PM

CVE-2010-4849

SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id...

8.7AI Score

0.001EPSS

2022-10-03 04:21 PM

CVE-2019-6248

PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by...

6.1CVSS

6AI Score

0.001EPSS

2022-10-03 04:19 PM

CVE-2015-4658

Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd...

8.8AI Score

0.001EPSS

2022-10-03 04:16 PM

CVE-2022-25900

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of...

9.8CVSS

9.7AI Score

0.004EPSS

2022-07-01 08:15 PM

CVE-2022-24437

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a...

9.8CVSS

9.9AI Score

0.002EPSS

2022-05-01 04:15 PM

CVE-2021-24733

The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view...

4.3CVSS

4.5AI Score

0.001EPSS

2022-01-24 08:15 AM

CVE-2019-13227

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker...

5.5CVSS

5.9AI Score

0.001EPSS

2019-07-04 12:15 PM

CVE-2019-13228

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker...

4.7CVSS

5.6AI Score

0.001EPSS

2019-07-04 12:15 PM

CVE-2019-13226

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a.....

7CVSS

6.6AI Score

0.001EPSS

2019-07-04 12:15 PM

CVE-2019-13229

deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The...

5.5CVSS

5.9AI Score

0.001EPSS

2019-07-04 12:15 PM

CVE-2018-17841

SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir...

9.8CVSS

9.8AI Score

0.003EPSS

2019-06-19 05:15 PM

CVE-2018-16326

PHP Scripts Mall Olx Clone 3.4.2 has...

6.1CVSS

6.4AI Score

0.001EPSS

2018-10-04 09:29 PM

CVE-2018-15185

PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position"...

6.5CVSS

6.6AI Score

0.001EPSS

2018-08-10 03:29 PM

CVE-2018-15184

PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to...

5.4CVSS

5.2AI Score

0.001EPSS

2018-08-09 07:29 PM

CVE-2018-15183

PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title...

6.1CVSS

5.9AI Score

0.001EPSS

2018-08-09 07:29 PM

CVE-2018-13849

edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on...

6.1CVSS

5.9AI Score

0.001EPSS

2018-07-10 06:29 PM

CVE-2018-11514

PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to...

8.8CVSS

8.6AI Score

0.001EPSS

2018-05-28 02:29 PM

CVE-2018-6903

PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation...

8.8CVSS

8.6AI Score

0.003EPSS

2018-04-12 10:29 PM

CVE-2018-9857

PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id"...

6.1CVSS

5.9AI Score

0.001EPSS

2018-04-09 07:29 AM

CVE-2018-7650

PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript...

4.8CVSS

5.1AI Score

0.001EPSS

2018-03-06 03:29 PM

CVE-2018-6867

Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile...

5.4CVSS

5.2AI Score

0.0005EPSS

2018-02-23 01:29 PM

CVE-2018-6868

Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field...

5.4CVSS

5.2AI Score

0.0005EPSS

2018-02-23 01:29 PM

CVE-2018-6845

PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment...

6.1CVSS

6AI Score

0.001EPSS

2018-02-12 03:29 AM

CVE-2018-6858

Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone...

5.4CVSS

5.3AI Score

0.0005EPSS

2018-02-12 03:29 AM

CVE-2018-6795

PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input...

5.4CVSS

5.2AI Score

0.0005EPSS

2018-02-07 09:29 PM

CVE-2018-6363

SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id...

9.8CVSS

9.8AI Score

0.002EPSS

2018-01-29 05:29 AM

CVE-2018-6367

SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category...

9.8CVSS

9.8AI Score

0.002EPSS

2018-01-29 05:29 AM

CVE-2017-17904

FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to...

5.4CVSS

5.2AI Score

0.001EPSS

2017-12-27 05:08 PM

CVE-2017-17931

PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username...

9.8CVSS

9.9AI Score

0.002EPSS

2017-12-27 05:08 PM

CVE-2017-17903

FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user...

8.8CVSS

8.6AI Score

0.001EPSS

2017-12-27 05:08 PM

CVE-2017-17643

FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to...

9.8CVSS

9.8AI Score

0.002EPSS

2017-12-18 09:29 AM

CVE-2017-17641

Resume Clone Script 2.0.5 has SQL Injection via the preview.php id...

9.8CVSS

9.8AI Score

0.002EPSS

2017-12-13 09:29 AM

CVE-2017-17638

Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id...

9.8CVSS

9.9AI Score

0.002EPSS

2017-12-13 09:29 AM

CVE-2017-17621

Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail...

9.8CVSS

9.8AI Score

0.003EPSS

2017-12-13 09:29 AM
Total number of security vulnerabilities: 103