Description
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
Exploits (1)
exploitdb
WORKING POC
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/32701
References (6)
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/32701
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66280
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23206
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57362
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531712/100/0/threaded
Product x_refsource_confirm
http://wordpress.org/plugins/xcloner-backup-and-restore/changelog/
Scores
EPSS
0.0144
EPSS Percentile
80.8%
Details
CWE
CWE-352
Status
published
Products (13)
xcloner/xcloner 2.1
xcloner/xcloner 2.1.2
xcloner/xcloner 2.2.1
xcloner/xcloner 3.0
xcloner/xcloner 3.0.1
xcloner/xcloner 3.0.2
xcloner/xcloner 3.0.3
xcloner/xcloner 3.0.4
xcloner/xcloner 3.0.5
xcloner/xcloner 3.0.6
... and 3 more
Published
Apr 03, 2014
Tracked Since
Feb 18, 2026