CVE-2015-4337

XCloner WordPress Plugin 3.1.2 contains an XSS vulnerability via the excl_manual parameter in the xcloner_show page (wpadmin/plugins.php) that can be exploited by authenticated remote users. Exploitation details from Patch/PacketStorm disclosures show the vulnerability path leading to executing c...

Xloner v3.1.2 wordpress plugin authenticated command execution and XSS

This advisory is in addition to the one I filed in November http://www.openwall.com/lists/oss-security/2014/11/06/1 that had the following CVEs assigned CVE-2014-8603 CVE-2014-8604 CVE-2014-8605 CVE-2014-8606 CVE-2014-8607, advisory http://www.vapid.dhs.org/advisory.php?v=110. Title: Xloner v3.1....