CVE-2014-8606

🗓️ 10 Jun 2015 18:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 45 Views🌐 WEB

Directory traversal vuln. in XCloner plugin 3.1.1 for WordPress & 3.5.1 for Joomla

Reporter	Title	Published	Views	Family All 8
Cvelist	CVE-2014-8606	10 Jun 201518:00	–	cvelist
EUVD	EUVD-2014-8443	7 Oct 202500:30	–	euvd
NVD	CVE-2014-8606	10 Jun 201518:59	–	nvd
Packet Storm	Joomla/WordPress XCloner Command Execution / Password Disclosure	7 Nov 201400:00	–	packetstorm
Patchstack	WordPress XCloner Plugin <= 3.1.1 - Directory Traversal	4 Nov 201400:00	–	patchstack
Prion	Directory traversal	10 Jun 201518:59	–	prion
securityvulns	Xloner v3.1.2 wordpress plugin authenticated command execution and XSS	8 Jun 201500:00	–	securityvulns
WPVulnDB	XCloner - Backup and Restore < 3.1.2 - Multiple Vulnerabilities (RCE & LFI)	17 Oct 201400:00	–	wpvulndb

NVD

Node

xcloner xclonerMatch3.1.1wordpress

xcloner xclonerMatch3.5.1joomla!

Source	Link
vapid	www.vapid.dhs.org/advisory.php
vapid	www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/

Parameter	Position	Path	Description	CWE
action	query param	wp-admin/admin-ajax.php	Directory traversal via the file parameter in the json_return action to xcloner_show allowing reading arbitrary files.	CWE-22
page	query param	wp-admin/admin-ajax.php	Directory traversal via the file parameter in the json_return action to xcloner_show allowing reading arbitrary files.	CWE-22
option	query param	wp-admin/admin-ajax.php	Directory traversal via the file parameter in the json_return action to xcloner_show allowing reading arbitrary files.	CWE-22
task	query param	wp-admin/admin-ajax.php	Directory traversal via the file parameter in the json_return action to xcloner_show allowing reading arbitrary files.	CWE-22
file	query param	wp-admin/admin-ajax.php	Directory traversal via the file parameter in the json_return action to xcloner_show allowing reading arbitrary files.	CWE-22

17 Jun 2026 00:17Current

6.8Medium risk

Vulners AI Score6.8

CVSS 24

EPSS0.06206