9.8

CVE-2020-35950

Exploit

Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 4.2.152 - Cross-Site Request Forgery

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).
Mögliche Gegenmaßnahme
Backup, Restore and Migrate your sites with XCloner: Update to version 4.2.153, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XclonerXcloner SwPlatformwordpress Version < 4.2.153
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Backup, Restore and Migrate your sites with XCloner
Version [*, 4.2.153)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.93% 0.56
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
cve@mitre.org 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://www.wordfence.com/blog/2020/09/critical-vulnerabilities-patched-in-xcloner-backup-and-restore-plugin/
Third Party Advisory
Exploit
https://wpscan.com/vulnerability/10413
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/a5b7538f-891a-423f-97d1-b0212efcdb98
Third Party Advisory