2 matches found
CVE-2015-4336
The CVE concerns WordPress XCloner Plugin (3.1.2) where cloner.functions.php allows remote authenticated users to execute arbitrary commands by supplying a file containing filenames with shell metacharacters. The vulnerability arises from reading the file into $excluded_cmd and passing it to exec...
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS
This advisory is in addition to the one I filed in November http://www.openwall.com/lists/oss-security/2014/11/06/1 that had the following CVEs assigned CVE-2014-8603 CVE-2014-8604 CVE-2014-8605 CVE-2014-8606 CVE-2014-8607, advisory http://www.vapid.dhs.org/advisory.php?v=110. Title: Xloner v3.1....