CVE-2014-8605

Currently unrated

Key Information:

Vendor: Wordpress
Status: Xcloner
Vendor: CVE Published:; 10 June 2015

Summary

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/.

References

http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcl...

x_refsource_MISC

http://www.vapid.dhs.org/advisory.php?v=110

x_refsource_MISC

Timeline

Vulnerability published
Jun 10, 2015
Vulnerability Reserved
Nov 4, 2014