Description
A vulnerability has been discovered in the XCloner plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
Input passed via the "config" parameter to wp-content/plugins/xcloner-backup-and-restore/cloner.cron.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.
The vulnerability is confirmed in version 3.0.1. Prior versions may also be affected.
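A log check for the request pattern described above, as an added example that is not part of the original advisory or of the plugin's code: it flags access-log entries in which the "config" parameter of cloner.cron.php carries traversal segments, an absolute path or a NUL byte, including double-encoded forms. The combined log format, the sample entries and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path and parameter name are taken from the advisory.
TARGET = "/wp-content/plugins/xcloner-backup-and-restore/cloner.cron.php"
PARAM = "config"
# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(value):
    """True for traversal segments, absolute paths or NUL bytes."""
    v = fully_decode(value).replace("\\", "/")
    return ".." in v.split("/") or v.startswith("/") or "\x00" in v

def scan(lines):
    """Return (line_number, decoded_value) for each flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not fully_decode(url.path).endswith(TARGET):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_suspicious(value):
                hits.append((n, fully_decode(value)))
    return hits

# Constructed sample entries (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    f'203.0.113.7 - - [-] "GET {TARGET}?config=myconfig.php HTTP/1.1" 200 512',
    f'203.0.113.9 - - [-] "GET {TARGET}?config=../../../example.txt HTTP/1.1" 200 2048',
    f'203.0.113.9 - - [-] "GET {TARGET}?config=%252e%252e%252fexample.txt HTTP/1.1" 200 2048',
    '203.0.113.7 - - [-] "GET /index.php?config=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line_no, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: suspicious config value {value!r}")
```

Access logs record only the query string, so a "config" value sent in a POST body will not appear here and needs request-body logging or a WAF rule to be seen.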
Vulnerable Products
Vulnerable Software: WordPress XCloner Plugin 3.x
Solution
Update to version 3.0.2 or later.
CVE
References
http://plugins.trac.wordpress.org/changeset?reponame=&new=353860%40xcloner-backup-and-restore&old=351832%40xcloner-backup-and-restore
Vulnerability Manager Detection
No
IPS Protection