2 matches found
CVE-2015-4338
CVE-2015-4338 affects the WordPress XCloner plugin (version 3.1.2). The vulnerability is a static code injection that lets remote authenticated users inject arbitrary PHP code into language files via the Translation LM_FRONT_* field (demonstrated by language/italian.php). Impact described: potent...
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS
This advisory is in addition to the one I filed in November http://www.openwall.com/lists/oss-security/2014/11/06/1 that had the following CVEs assigned CVE-2014-8603 CVE-2014-8604 CVE-2014-8605 CVE-2014-8606 CVE-2014-8607, advisory http://www.vapid.dhs.org/advisory.php?v=110. Title: Xloner v3.1....