“XCloner Backup and Restore” WordPress plugin is widely used by designers/developers to backup and restore WordPress sites. “XCloner” allows users to generate custom backups of any WordPress site, and then restore the backup on any other location with the help of the automatic restore script they provide.
Vulnerabilities present in this plugin installed on over 30,000 sites. This is considered a critical security issue that could lead to remote code execution on a vulnerable site’s server. If you haven’t already updated, we highly recommend updating to the fully patched version, 4.2.153, immediately.
This vulnerability could give attackers the ability to overwrite the wp-config.php file containing WordPress database credentials and other important settings. – Wordfence
Here is the full details and guidelines on keeping sites safe.