Description
Missing Authorization vulnerability in Xfinitysoft Content Cloner super-seo-content-cloner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Content Cloner: from n/a through <= 1.0.1.
Published: 2025-02-03
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the Xfinitysoft Content Cloner (super‑seo‑content‑cloner) plugin that lets an unauthenticated user exploit incorrectly configured access control levels. An attacker can invoke the plugin’s cloning functionality without proper permission, which could result in unauthorized duplication of site content, potential tampering, or accidental exposure of sensitive information. The weakness is classified as CWE‑862, indicating improper authorization handling.

Affected Systems

WordPress sites that use the Xfinitysoft Content Cloner plugin with versions up to and including 1.0.1. Any deployment of the plugin within this version range is susceptible unless the plugin is updated or removed.

Risk and Exploitability

The CVSS score of 4.3 indicates a low severity and the EPSS score of less than 1% shows a very small likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that an attacker could trigger the cloning operation through the plugin’s interface without authentication, though the precise attack vector is not explicitly documented, so the risk remains largely confined to sites with the plugin enabled and exposed to external traffic.

Generated by OpenCVE AI on May 2, 2026 at 04:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Content Cloner plugin to any release newer than 1.0.1 as soon as it becomes available.
  • If an upgrade is not possible immediately, disable or remove the plugin from the WordPress installation to eliminate the exposed functionality.
  • Restrict access to the plugin’s cloning feature by applying granular role‑based access controls so that only trusted administrators can use it.
  • Monitor site logs for any anomalous cloning activity to detect potential abuse early.

Generated by OpenCVE AI on May 2, 2026 at 04:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-2909 Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1. Missing Authorization vulnerability in Xfinitysoft Content Cloner super-seo-content-cloner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Content Cloner: from n/a through <= 1.0.1.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00038}

 epss

{'score': 0.00048}

Mon, 03 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 03 Feb 2025 14:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1.
Title WordPress Content Cloner plugin <= 1.0.1 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:04.379Z

Reserved: 2025-01-07T21:03:06.951Z

Link: CVE-2025-22681

cve-icon Vulnrichment

Updated: 2025-02-03T15:33:07.293Z

cve-icon NVD

Status : Deferred

Published: 2025-02-03T15:15:18.127

Modified: 2026-06-17T08:49:13.620

Link: CVE-2025-22681

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T05:00:12Z

Weaknesses