Today we have made available a new release — version 3.5.4 — for the unmaintained Joomla version of XCloner.
Prior versions of XCloner for Joomla contained an Authenticated Local File Disclosure vulnerability that has been patched in the latest version. Any users of the unmaintained XCloner for Joomla package should upgrade immediately.
Details of the exploit have not been published to allow users time to upgrade.