WordPress Plugin Vulnerabilities

XCloner - Backup and Restore < 3.1.1 - Multiple Actions CSRF

Description

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin was affected by a Backup and Restore < 3.1.1 - Multiple Actions CSRF security vulnerability.

Affects Plugins

Plugin icon
xcloner-backup-and-restore
Fixed in 3.1.1

References

CVE
CVE-2014-2340
CVE
CVE-2014-2579
Exploitdb
32701
URL
https://packetstormsecurity.com/files/#125991/
URL
https://www.immuniweb.com/advisory/HTB23206
URL
https://www.immuniweb.com/advisory/HTB23207

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
7.5 (high)

Miscellaneous

Verified
No
WPVDB ID
2b390b6c-9a99-43df-9c85-0f176d581d7c

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-25 (about 5 years ago)

Other

Published
Title
Published
2025-03-24
Title
LH OGP Meta <= 1.73 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2026-04-21
Title
TextP2P Texting Widget <= 1.7 - Cross-Site Request Forgery to Settings Update
Published
2023-09-11
Title
Checkout Field Editor (Premium) < 1.7.5 - Cross-Site Request Forgery
Published
2024-07-09
Title
WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF
Published
2025-10-15
Title
Ally - Web Accessibility & Usability < 3.8.1 - Cross-Site Request Forgery to Plugin Settings Update