HI there, yes, the 3.1.1 have been addressed, i will work on fixing the 3.1.2 vulnerabilities as well soon.
Ovidiu
The 3.1.2 vulnerability has been address and is currently fixed in the latest 3.1.2 version.
Oh, looks like the plugin has been removed from the directory anyway (?)
Indeed, we are waiting for a response from the WP team….
Do you guys know the severity of the attacks? I had this issue on a site I had the 3.1.1 installed, but it wasn’t activated. Luckily a malware scan had detected this file:
xcloner-backup-and-restore/configs/view.php
In a frenzy I deleted the whole plugin, but copied the code above. I tried decoding it to see what it did, but couldn’t get it to work.
Once the old version is updated or removed is there anything else to worry about? I ran a complete site scan and didn’t find anything else. However, I just wanted to check if anyone knows if this malware can still gain access to anything after removing 3.1.1? Like if it installs anything outside the plugin directory that we should look out for or if it gains root access to the server, wp-config, database passwords, etc…
Thanks guys.
XCloner does not have a view.php file in the configs/ directory by default installation, so if anybody created with malware code, that is a separate issue you need to investigate.
I don’t know anything about any occurrences of anyone actually trying to exploit these vulnerabilities – only that they exist.
If I read them correctly, they all require the attacker to already have some level of admin access, so if someone *was* able to exploit them then it’s anyone’s guess what else they were able to do,
