| Max CVSS | 6.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-4338 | 6.5 |
Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italia
|
18-06-2015 - 15:24 | 17-06-2015 - 18:59 | |
| CVE-2015-4337 | 3.5 |
Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.
|
18-06-2015 - 15:23 | 17-06-2015 - 18:59 | |
| CVE-2015-4336 | 6.5 |
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create t
|
18-06-2015 - 15:22 | 17-06-2015 - 18:59 |