{"id":"CVE-2020-35950","details":"An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).","modified":"2026-04-10T04:27:56.907605Z","published":"2021-01-01T04:15:13.620Z","references":[{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/10413"},{"type":"EVIDENCE","url":"https://www.wordfence.com/blog/2020/09/critical-vulnerabilities-patched-in-xcloner-backup-and-restore-plugin/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/watchfulli/xcloner-wordpress","events":[{"introduced":"0"},{"fixed":"7b37c7cfd575866a1c4132f1332c4a08c9813beb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.2.153"}]}}],"versions":["4.0.1","4.0.2","4.0.6","4.1.4","4.1.5","4.2.0","4.2.1","4.2.10","4.2.10a","4.2.10b","4.2.11","4.2.12","4.2.13","4.2.14","4.2.15","4.2.150","4.2.151","4.2.152","4.2.2","4.2.3","4.2.4","4.2.5","4.2.6","4.2.7","4.2.8","4.2.8r","4.2.9","4.2.9a","4.2.9b","4.2.9c","4.2.9d"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35950.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}