Lucene search
HistoryJun 17, 2015 - 6:59 p.m.
CVE-2015-4336
cve-2015-4336
xcloner plugin
wordpress
remote code execution
authentication
vulnerability
nvd
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.5%
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file.
Affected configurations
Node
xclonerxclonerMatch3.1.2wordpress
| CPE | Name | Operator | Version |
|---|---|---|---|
| xcloner:xcloner | xcloner | eq | 3.1.2 |
Related
patchstack
patchstack
WordPress XCloner Plugin <= 3.1.2 - Multiple vulnerabilities
2015-06-05 00:00:00
prion
prion
Design/Logic Flaw
2015-06-17 18:59:00
cvelist
cvelist
CVE-2015-4336
2015-06-17 18:00:00
nvd
nvd
CVE-2015-4336
2015-06-17 18:59:04
packetstorm
packetstorm
WordPress XCloner 3.1.2 XSS / Command Execution
2015-05-31 00:00:00
wpvulndb
wpvulndb
XCloner - Backup and Restore 3.1.2 - XSS & Command Execution
2015-05-10 00:00:00
securityvulns
securityvulns
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.5%
Related for CVE-2015-4336