CVE Tools

xcloner

Consumer Softwarecommercial

11

Cumulative CVEs

2

Monthly snapshots

#21

Peak rank

Top products

Latest CVEs

The 14 most recently published vulnerabilities affecting xcloner.

CVE-2020-35948An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so wo...9.9Jan 1, 2021
CVE-2020-35950An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).9.8Jan 1, 2021
CVE-2020-13424The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure.6.5May 23, 2020
CVE-2015-4338Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* fie...6.5Jun 17, 2015
CVE-2015-4337Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xclo...3.5Jun 17, 2015
CVE-2015-4336cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstr...6.5Jun 17, 2015
CVE-2014-8607The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.2.1Jun 10, 2015
CVE-2014-8606Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a ...4.0Jun 10, 2015
CVE-2014-8605The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers t...5.0Jun 10, 2015
CVE-2014-8604The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive info...5.0Jun 10, 2015
CVE-2014-8603cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creati...6.5Jun 10, 2015
CVE-2014-2996XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_...7.1Apr 25, 2014
CVE-2014-2579Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change t...7.6Apr 25, 2014
CVE-2014-2340Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create webs...6.8Apr 3, 2014