ThreatPress

WordPress Vulnerabilities Database

Back

WordPress XCloner Plugin <= 3.1.1 - Multiple Vulnerabilities

Product
XCloner
Description
There are multiple vulnerabilities in this plugin, such as arbitrary command execution, clear text MySQL password exposure through html text box under configuration panel, MySQL password exposed to process table, database backups exposed to local users due to open file permissions, authenticated remote file access and unauthenticated remote access to backup files via easily guessable file names.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2014-8607
Versions
Affected In <= 3.1.1
Fixed In 3.1.2
Disclosure date
2014-11-04
Credits
Larry W. Cashdollar