CVE-2014-2340

Currently unrated

Key Information:

Vendor: Wordpress
Status: Xcloner
Vendor: CVE Published:; 3 April 2014

Summary

Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.

References

http://www.exploit-db.com/exploits/32701

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/66280

vdb-entryx_refsource_BID

https://www.htbridge.com/advisory/HTB23206

x_refsource_MISC

Timeline

Vulnerability published
Apr 3, 2014
Vulnerability Reserved
Mar 12, 2014