ThreatPress

WordPress Vulnerabilities Database

Back

WordPress XCloner Plugin <= 3.1.2 - Multiple vulnerabilities

Product
XCloner
Description
This XCloner plugin is prone to an authenticated command execution and XSS. Because of multiple vulnerabilities in cloner.functions.php, remote authenticated users can execute arbitrary commands via a file containing filenames with shell metacharacters.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2015-4336
Versions
Affected In <= 3.1.2
Fixed In 3.1.3
Disclosure date
2015-06-05
Credits
Larry W. Cashdollar