Cross-Site Request Forgery in XCloner Plugin for WordPress
CVE-2014-2340

Currently unrated

Key Information:

Vendor: Wordpress
Status: Xcloner
Vendor: CVE Published:; 3 April 2014

Summary

A Cross-site request forgery vulnerability exists in the XCloner backup plugin for WordPress prior to version 3.1.1. This flaw permits remote attackers to exploit the authentication of administrators, enabling them to initiate unauthorized backup requests via a crafted request to wp-admin/plugins.php. It underscores the importance of implementing strong security measures to prevent unauthorized execution of commands that can compromise website integrity.

References

http://www.exploit-db.com/exploits/32701

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/66280

vdb-entryx_refsource_BID

https://www.htbridge.com/advisory/HTB23206

x_refsource_MISC

Timeline

Vulnerability published
Apr 3, 2014
Vulnerability Reserved
Mar 12, 2014