ThreatPress

WordPress Vulnerabilities Database

Back

WordPress XCloner Plugin <= 3.1.1 - Directory Traversal

Product
XCloner
Description
This vulnerability allows remote administrators to read arbitrary files in the "file" pamareter in the xcloner_show page to wp-admin/admin-ajax.php.
Solution
Update the plugin.
Classification
Type Information Disclosure
References
CVE Mitre
CVE
Name CVE-2014-8606
Versions
Affected In <= 3.1.1
Fixed In 3.1.2
Disclosure date
2014-11-04
Credits
Larry W. Cashdollar