Does Clone have any unpatched vulnerabilities?

No. All known vulnerabilities in Clone have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Clone compatible with WordPress 6.8.5?

According to WordPress.org data, Clone 2.4.8 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Clone compatible with PHP 5.5+?

Clone requires PHP 5.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Clone updated?

Clone was last updated on Oct 30, 2025. Frequent updates are generally a positive security signal.

What is Clone's security score?

Clone has a WP-Safety security score of 93/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Clone Security & Risk Analysis

wordpress.org/plugins/wp-clone-by-wp-academy

100% FREE clone and migration

50K active installs v2.4.8 PHP 5.5+ WP 3.3+ Updated Oct 30, 2025

backupcloneduplicatemigraterestore

A · Safe

CVEs total5

Unpatched0

Last CVENov 19, 2024

Plugin page Download

Safety Verdict

Is Clone Safe to Use in 2026?

Generally Safe

Score 93/100

Clone has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Nov 19, 2024Updated 5mo ago

Risk Assessment

The wp-clone-by-wp-academy plugin v2.4.8 exhibits several concerning security practices, despite some positive indications. The presence of two AJAX handlers without authentication checks is a significant immediate risk, potentially allowing unauthorized users to trigger sensitive operations. While the taint analysis found no critical or high-severity issues, the overall code signals are mixed. The use of 'unserialize' is a known dangerous function that, if combined with other weaknesses, could lead to severe vulnerabilities. Furthermore, a substantial percentage of SQL queries are not using prepared statements, increasing the risk of SQL injection. The plugin's history of five CVEs, including one critical and one high severity, is a major red flag. This pattern suggests a recurring struggle with fundamental security principles, particularly around deserialization, authorization, and exposure of sensitive information. While the absence of currently unpatched vulnerabilities and the presence of nonce checks are positive, the combination of insecure code practices and a history of past vulnerabilities warrants a cautious approach.

Key Concerns

AJAX handlers without auth checks
SQL queries not using prepared statements
Dangerous function: unserialize
Significant percentage of unescaped output
Past critical CVE
Past high CVE
Past medium CVEs (x3)

Vulnerabilities

Clone Security Vulnerabilities

CVEs by Year

3 CVEs in 2023

2023

2 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

5 total CVEs

CVE-2024-10913high · 8.8Deserialization of Untrusted Data

Clone <= 2.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialized_replace'

Nov 19, 2024 Patched in 2.4.7 (2d)

CVE-2024-43298medium · 4.3Missing Authorization

Clone <= 2.4.5 - Missing Authorization

Aug 16, 2024 Patched in 2.4.6 (4d)

CVE-2023-6750critical · 9.8Exposure of Sensitive Information to an Unauthorized Actor

WP Clone <= 2.4.2 - Sensitive Information Exposure

Dec 18, 2023 Patched in 2.4.3 (36d)

WF-314d3e0c-ba29-4795-a646-40e0acfc3405-wp-clone-by-wp-academymedium · 4.3Cross-Site Request Forgery (CSRF)

Clone <= 2.3.7 - Cross-Site Request Forgery via wp_ajax_tifm_save_decision

Mar 8, 2023 Patched in 2.3.8 (321d)

CVE-2023-25486medium · 4.3Missing Authorization

Clone <= 2.3.7 - Missing Authorization via wp_ajax_tifm_save_decision

Mar 8, 2023 Patched in 2.3.8 (321d)

Code Analysis

Analyzed Mar 16, 2026

Clone Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

36 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$this->values = is_array($raw) ? $raw : @unserialize($raw);analyst\src\Cache\DatabaseCache.php:47

SQL Query Safety

0% prepared3 total queries

Output Escaping

44% escaped82 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

wpa_wpc_ajax_delete (wpclone.php:99)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Clone Attack Surface

Entry Points15

Unprotected2

AJAX Handlers 15

authwp_ajax_analyst_notification_dismissanalyst\src\Mutator.php:100

authwp_ajax_inisev_installationmodules\banner\misc.php:65

authwp_ajax_inisev_installation_widgetmodules\banner\misc.php:66

authwp_ajax_dismiss_new_bb_bannermodules\new-bb-banner\misc.php:91

authwp_ajax_install_bmimodules\new-bb-banner\misc.php:92

authwp_ajax_activate_bmimodules\new-bb-banner\misc.php:93

authwp_ajax_tifm_notice_actionsmodules\tryOutPlugins\tryOutPlugins.php:36

authwp_ajax_insPP_ajaxpromotion\misc.php:88

authwp_ajax_wpclone-ajax-sizewpclone.php:53

authwp_ajax_wpclone-ajax-dirwpclone.php:54

authwp_ajax_wpclone-ajax-deletewpclone.php:55

authwp_ajax_wpclone-ajax-uninstallwpclone.php:56

authwp_ajax_wpclone-search-n-replacewpclone.php:57

authwp_ajax_wpclone-install_newwpclone.php:58

authwp_ajax_tifm_save_decisionwpclone.php:360

WordPress Hooks 25

actioninitanalyst\main.php:65

actioninitanalyst\src\Analyst.php:80

actionadmin_footeranalyst\src\Mutator.php:56

actionadmin_noticesanalyst\src\Mutator.php:74

actionadmin_enqueue_scriptsanalyst\src\Mutator.php:86

actionadmin_menumodules\banner\misc.php:110

actionadmin_menumodules\banner\misc.php:123

actionins_global_print_carrouselmodules\banner\misc.php:165

actionwp_loadedmodules\new-bb-banner\misc.php:101

actionadmin_enqueue_scriptsmodules\new-bb-banner\misc.php:259

actionadmin_noticesmodules\new-bb-banner\misc.php:260

actionin_admin_footermodules\tryOutPlugins\tryOutPlugins.php:64

actionadmin_noticesmodules\tryOutPlugins\tryOutPlugins.php:68

actionadmin_headmodules\tryOutPlugins\tryOutPlugins.php:69

actionin_admin_footermodules\tryOutPlugins\tryOutPlugins.php:70

filterplugin_install_action_linksmodules\tryOutPlugins\tryOutPlugins.php:361

actionadmin_noticespromotion\misc.php:82

actionadmin_enqueue_scriptspromotion\misc.php:85

actionplugins_loadedwpclone.php:51

actionadmin_menuwpclone.php:52

actionadmin_initwpclone.php:59

actionadmin_enqueue_scriptswpclone.php:198

actionadmin_noticeswpclone.php:293

actionadmin_noticeswpclone.php:302

actionplugins_loadedwpclone.php:341

Maintenance & Trust

Clone Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 30, 2025

PHP min version5.5

Downloads3.5M

Community Trust

Rating82/100

Number of ratings340

Active installs50K

Alternatives

Clone Alternatives

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

Migrate, staging, backup WordPress, all in one.

900K 26 CVEs

InstaWP Connect – 1-click WP Staging & Migration

instawp-connect

Create a staging WordPress site from production (live site). Ideal for testing updates, version change or re-write. Sync back only the changes.

30K 15 CVEs

Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups

trinity-backup

100

Backup, migrate, clone, and restore WordPress sites of any size. Scheduled, pre-update backups, email notifications, WP-CLI, white label, encryption.

300 No CVEs

All-in-One WP Migration and Backup

all-in-one-wp-migration

Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.

5.0M 13 CVEs

Prime Mover – Migrate WordPress Website & Backups

prime-mover

The simplest all-around WordPress migration tool/backup plugin. These support multisite backup/migration or clone WP site/multisite subsite.

10K 1 CVE

Developer Profile

Clone Developer Profile

migrateguru

2 plugins · 250K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

137 days

View full developer profile

Detection Fingerprints

How We Detect Clone

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-clone-by-wp-academy/lib/css/style.css/wp-content/plugins/wp-clone-by-wp-academy/lib/js/backupmanager.js/wp-content/plugins/wp-clone-by-wp-academy/lib/js/clipboard.min.js/wp-content/plugins/wp-clone-by-wp-academy/modules/backupModal/css/style.min.css

Script Paths

/wp-content/plugins/wp-clone-by-wp-academy/lib/js/backupmanager.js/wp-content/plugins/wp-clone-by-wp-academy/lib/js/clipboard.min.js

Version Parameters

wp-clone-by-wp-academy/lib/css/style.css?ver=wp-clone-by-wp-academy/lib/js/backupmanager.js?ver=wp-clone-by-wp-academy/lib/js/clipboard.min.js?ver=wp-clone-by-wp-academy/modules/backupModal/css/style.min.css?ver=

HTML / DOM Fingerprints

CSS Classes

wpclone_main_wrapwpclone_top_menuwpclone_backup_btnwpclone_backup_listwpclone_backup_itemwpclone_restore_backupwpclone_delete_backupwpclone_install_new_backup

HTML Comments

+20 more

Data Attributes

data-target="#backupModal"data-toggle="modal"data-backup-iddata-backup-namedata-backup-datedata-backup-size+3 more

JS Globals

wpclone

FAQ