Sensitive Information Exposure in XCloner Plugin for WordPress and Joomla
CVE-2014-8604

Currently unrated

Key Information:

Vendor: Wordpress
Status: Xcloner
Vendor: CVE Published:; 10 June 2015

Summary

The XCloner plugin versions 3.1.1 for WordPress and 3.5.1 for Joomla! contain a security issue that allows unauthorized users to retrieve the MySQL database password in cleartext. This exposure occurs through a flaw in the configuration panel that reveals sensitive data, potentially compromising user and site security. Attackers can exploit this vulnerability through various unspecified methods, leading to unauthorized access to the database and its contents.

References

http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcl...

x_refsource_MISC

http://www.vapid.dhs.org/advisory.php?v=110

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 10, 2015
Vulnerability Reserved
Nov 4, 2014