The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors.
References
Link | Resource |
---|---|
http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/ | Exploit |
http://www.vapid.dhs.org/advisory.php?v=110 | Exploit |
Configurations
Configuration 1 (hide)
|
Information
Published : 2015-06-10 11:59
Updated : 2015-06-11 10:33
NVD link : CVE-2014-8604
Mitre link : CVE-2014-8604
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
xcloner
- xcloner