Description
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.
Exploits (1)
exploitdb
WORKING POC
by Larry W. Cashdollar · textwebappsphp
https://www.exploit-db.com/exploits/35212
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/
Exploit x_refsource_misc
http://www.vapid.dhs.org/advisory.php?v=110
Scores
EPSS
0.0020
EPSS Percentile
42.3%
Details
CWE
CWE-200
Status
published
Products (2)
xcloner/xcloner
3.1.1
xcloner/xcloner
3.5.1
Published
Jun 10, 2015
Tracked Since
Feb 18, 2026