CVE-2014-8605

Xcloner - Access Control

Title source: rule

Description

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/35212

References (2)

Scores

EPSS 0.0767
EPSS Percentile 91.9%

Details

CWE
CWE-264
Status published
Products (2)
xcloner/xcloner 3.1.1
xcloner/xcloner 3.5.1
Published Jun 10, 2015
Tracked Since Feb 18, 2026