Lucene search
HistoryJun 17, 2015 - 6:59 p.m.
CVE-2015-4338
cve-2015-4338
static code injection
xcloner
wordpress
remote authenticated users
php code
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.5%
Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.
Affected configurations
Node
xclonerxclonerMatch3.1.2wordpress
| CPE | Name | Operator | Version |
|---|---|---|---|
| xcloner:xcloner | xcloner | eq | 3.1.2 |
Related
cvelist
cvelist
CVE-2015-4338
2015-06-17 18:00:00
prion
prion
Code injection
2015-06-17 18:59:00
nvd
nvd
CVE-2015-4338
2015-06-17 18:59:06
patchstack
patchstack
WordPress XCloner Plugin <= 3.1.2 - Static Code Injection
2015-06-05 00:00:00
packetstorm
packetstorm
WordPress XCloner 3.1.2 XSS / Command Execution
2015-05-31 00:00:00
wpvulndb
wpvulndb
XCloner - Backup and Restore 3.1.2 - XSS & Command Execution
2015-05-10 00:00:00
securityvulns
securityvulns
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.5%
Related for CVE-2015-4338