CVE-2014-2340
XCloner < 3.1.1 - Cross-Site Request Forgery via Backup Creation
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-2340. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary This is a CSRF exploit for XCloner WordPress plugin (CVE-2014-2340) that tricks an admin into creating a publicly accessible backup. The PoC uses a crafted HTML form with JavaScript auto-submission to trigger the backup generation.
Description
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
Exploits (1)
This is a CSRF exploit for XCloner WordPress plugin (CVE-2014-2340) that tricks an admin into creating a publicly accessible backup. The PoC uses a crafted HTML form with JavaScript auto-submission to trigger the backup generation.