ThreatPress

WordPress Vulnerabilities Database

Back

WordPress XCloner Plugin 3.1.0 - CSRF

Product
XCloner
Description
XCloner plugin is prone to a cross-site request forgery vulnerability that exists because of insufficient verification of HTTP request origin. The attackers can trick a logged-in administrator to visit a specially crafted webpage and create a website backup.
Solution
Update to XCloner 3.1.1.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
Exploit-DB
CVE
Name CVE-2014-2340
Versions
Affected In <= 3.1.0
Fixed In 3.1.1
Disclosure date
2014-04-04
Credits
High-Tech Bridge SA