CVE-2015-4336
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.2 - Remote Command Execution
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file.
cloner.functions.php en el plugin XCloner 3.1.2 para WordPress permite a usuarios remotos autenticados ejecutar comandos arbitrarios a travĂ©s de un fichero que contiene nombres de ficheros con metacaracteres de shell, tal y como fue demostrado mediante el uso de la caracterĂstica de comentarios sobre la copia de seguridad para crear el fichero.
WordPress XCloner plugin version 3.1.2 suffers from command execution and cross site scripting vulnerabilities.
*Credits:
Larry W. Cashdollar
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-05-10 CVE Published
- 2015-06-05 CVE Reserved
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-08-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/74943 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://packetstormsecurity.com/files/132107/WordPress-XCloner-3.1.2-XSS-Command-Execution.html | 2024-08-06 | |
| http://www.vapid.dhs.org/advisory.php?v=121 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|