Cross-Site Request Forgery Vulnerability in XCloner Standalone by XCloner
CVE-2014-2579

Currently unrated

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
25 April 2014

Badges

👾 Exploit Exists

What is CVE-2014-2579?

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities exist in XCloner Standalone versions 3.5 and earlier. They can allow remote attackers to hijack administrator authentication sessions and initiate unwanted actions. Specifically, attackers can exploit these vulnerabilities to change the administrator password or access database backup functionality without proper authorization, particularly when specific options are enabled. Users of XCloner Standalone should apply the necessary patches and secure their instances to prevent exploitation.

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
