Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
patchstackLarry W. CashdollarPATCHSTACK:C4DD31D91109187572B4DDB35300E878
HistoryNov 04, 2014 - 12:00 a.m.

WordPress XCloner Plugin <= 3.1.1 - Remote Database Download & Local File Permissions

2014-11-0400:00:00
Larry W. Cashdollar
patchstack.com
5

0.007 Low

EPSS

Percentile

80.6%

JSON

The attackers can obtain sensitive information via a direct request to a backup file in administrators/backups/, because the plugin stores database backup files with predictable names under the web root with insufficient access control.

Solution

           Update the plugin.
CPENameOperatorVersion
xclonerle3.1.1

Related

cve 1
cvelist 1
nvd 1
prion 1
wpvulndb 1
securityvulns 1
packetstorm 1
cve
cve
CVE-2014-8605
2015-06-10 18:59:02
cvelist
cvelist
CVE-2014-8605
2015-06-10 18:00:00
nvd
nvd
CVE-2014-8605
2015-06-10 18:59:02
prion
prion
Improper access control
2015-06-10 18:59:00
wpvulndb
wpvulndb
XCloner - Backup and Restore < 3.1.2 - Multiple Vulnerabilities (RCE & LFI)
2014-10-17 00:00:00
securityvulns
securityvulns
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS
2015-06-08 00:00:00
packetstorm
packetstorm
Joomla/WordPress XCloner Command Execution / Password Disclosure
2014-11-07 00:00:00

0.007 Low

EPSS

Percentile

80.6%

JSON
Related for PATCHSTACK:C4DD31D91109187572B4DDB35300E878
cve1cvelist1nvd1prion1wpvulndb1securityvulns1packetstorm1