WordPress XCloner Plugin Cross Site Scripting and Remote Command Execution Vulnerabilities

The XCloner plugin for WordPress is prone to a cross-site scripting vulnerability and a remote command-execution vulnerability because it fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials or execute arbitrary commands within the context of the affected application.

XCloner 3.1.2 is vulnerable; other versions may also be affected.


Copyright 2010, SecurityFocus