Lucene search
China National Vulnerability DatabaseCNVD-2022-57628HistoryJun 30, 2022 - 12:00 a.m.
WordPress XCloner plugin cross-site request forgery vulnerability
2022-06-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
wordpress
xcloner
cross-site request forgery
vulnerability
php
authorization
csrf
unauthenticated attacker
backup encryption key
EPSS
0.001
Percentile
39.5%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. versions of the WordPress XCloner plugin prior to 4.3.6 are vulnerable to cross-site request forgery, which stems from a lack of authorization and CSRF checks when resetting its settings, and can be exploited by an unauthenticated attacker to exploit the vulnerability to perform a reset, including generating a new backup encryption key.
Related
prion
prion
Cross site request forgery (csrf)
2022-06-27 09:15:00
nvd
nvd
CVE-2022-0444
2022-06-27 09:15:08
patchstack
patchstack
cvelist
cvelist
CVE-2022-0444 XCloner < 4.3.6 - Plugin Settings Reset
2022-06-27 08:55:47
wpvulndb
wpvulndb
XCloner < 4.3.6 - Plugin Settings Reset
2022-06-06 00:00:00
cve
cve
CVE-2022-0444
2022-06-27 09:15:08
wpexploit
wpexploit
XCloner < 4.3.6 - Plugin Settings Reset
2022-06-06 00:00:00