patchstack | High-Tech Bridge Advisory | PATCHSTACK:03827C9A8FC8B9566C9E665CE22A5380
History: Mar 21, 2014 - 12:00 a.m.

WordPress XCloner Standalone Plugin <= 3.5 - Multiple CSRF

patchstack.com

CVSS2: 7.6 High

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

These multiple CSRF vulnerabilities allow attackers to hijack the authentication of administrators for requests that change the administrator password via the config task to index2.php.

Solution

Update the plugin.

CPE | Name | Operator | Version
 | xcloner standalone | le | 3.5
