XCloner plugin version 3.1.1 for WordPress and 3.5.1 for Joomla! suffers from arbitrary command execution, MySQL password disclosure, database backups exposed, unauthenticated remote access, and various other vulnerabilities.
e7e9c754e4fa53a92070a86a3d88269734cc1335edab813113e839335bc770af