ThreatPress

WordPress Vulnerabilities Database


WordPress XCloner Plugin <= 3.1.2 - Static Code Injection

Product
XCloner
Description
This vulnerability allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language.
Solution
Update the plugin.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
CVE Mitre
CVE
Name CVE-2015-4338
Versions
Affected In <= 3.1.2
Fixed In 3.1.3
Disclosure date
2015-06-05
Credits
Larry W. Cashdollar