{"api_version":"1","generated_at":"2026-04-24T20:54:47+00:00","cve":"CVE-2022-0444","urls":{"html":"https://cve.report/CVE-2022-0444","api":"https://cve.report/api/cve/CVE-2022-0444.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-0444","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-0444"},"summary":{"title":"CVE-2022-0444","description":"The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.","state":"PUBLIC","assigner":"contact@wpscan.com","published_at":"2022-06-27 09:15:00","updated_at":"2023-11-07 03:41:00"},"problem_types":["CWE-352","CWE-862"],"metrics":[],"references":[{"url":"https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b","name":"https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b","refsource":"MISC","tags":[],"title":"Attention Required! | Cloudflare","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-0444","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0444","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"444","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"watchful","cpe5":"xcloner","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-0444","ASSIGNER":"contact@wpscan.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-862 Missing Authorization"}]},{"description":[{"lang":"eng","value":"CWE-352 Cross-Site Request Forgery (CSRF)"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Unknown","product":{"product_data":[{"product_name":"Backup, Restore and Migrate WordPress Sites With the XCloner Plugin","version":{"version_data":[{"version_affected":"<","version_name":"0","version_value":"4.3.6"}]}}]}}]}},"references":{"reference_data":[{"url":"https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b","refsource":"MISC","name":"https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b"}]},"generator":{"engine":"WPScan CVE Generator"},"source":{"discovery":"EXTERNAL"},"credits":[{"lang":"en","value":"Krzysztof ZajÄ…c"},{"lang":"en","value":"WPScan"}]},"nvd":{"publishedDate":"2022-06-27 09:15:00","lastModifiedDate":"2023-11-07 03:41:00","problem_types":["CWE-352","CWE-862"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:watchful:xcloner:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"4.3.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"444","Ordinal":"227578","Title":"CVE-2022-0444","CVE":"CVE-2022-0444","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"444","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}