WordPress XCloner Standalone Plugin <= 3.5

Back

WordPress XCloner Standalone Plugin <= 3.5 - Multiple CSRF

Product: XCloner Standalone
Description: Because of these multiple vulnerabilities, the attackers can hijack the authentication of administrators for requests that change the administrator password via the config task to index2.php.
Solution: Update the plugin.
Classification: Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References: CVE Mitre
CVE: Name CVE-2014-2579
Versions: Affected In <= 3.5
Fixed In 3.6
Disclosure date: 2014-03-21
Credits: High-Tech Bridge Advisory