Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2014-2340
Last Modified 19 Apr 2014 12:48:28
Published 03 Apr 2014 12:15:44
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2340

Summary

Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.

Vulnerable Systems

Application

  • Xcloner 2.1

  • Xcloner 2.1.2

  • Xcloner 2.2.1

  • Xcloner 3.0

  • Xcloner 3.0.1

  • Xcloner 3.0.2

  • Xcloner 3.0.3

  • Xcloner 3.0.4

  • Xcloner 3.0.5

  • Xcloner 3.0.6

  • Xcloner 3.0.7

  • Xcloner 3.0.8

  • Xcloner 3.1.0


References

MISC - https://www.htbridge.com/advisory/HTB23206

BID - 66280

BUGTRAQ - 20140402 Cross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin

CONFIRM - http://wordpress.org/plugins/xcloner-backup-and-restore/changelog/

SECUNIA - 57362

EXPLOIT-DB - 32701


Last Updated: 27 May 2016 11:04:51