CVE-2015-4338
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.2 - Remote Code Execution
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.
Vulnerabilidad de inyección de código estático en el plugin XCloner 3.1.2 para WordPress permite a usuarios remotos autenticados inyectar código PHP arbitrario en los ficheros de idiomas a través de un campo Translation LM_FRONT_* para un idioma, tal y como fue demostrado por language/italian.php.
WordPress XCloner plugin version 3.1.2 suffers from command execution and cross site scripting vulnerabilities.
*Credits:
Larry W. Cashdollar
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-05-10 CVE Published
- 2015-05-31 First Exploit
- 2015-06-05 CVE Reserved
- 2024-08-06 CVE Updated
- 2025-05-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/132107/WordPress-XCloner-3.1.2-XSS-Command-Execution.html | X_refsource_misc |
|
http://www.securityfocus.com/bid/74943 | Vdb Entry | |
http://www.vapid.dhs.org/advisory.php?v=121 | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/132107 | 2015-05-31 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|