PT-2015-4053 · WordPress+1 · Xcloner+1

Larry W. Cashdollar +1 · Published 2015-06-10 · Updated 2015-06-11 · CVE-2014-8607

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
XCloner plugin version 3.1.1 for WordPress
XCloner plugin version 3.5.1 for Joomla!

Description
The issue allows local users to obtain sensitive information, specifically the MySQL username and password, via the ps command. The XCloner plugin passes these credentials on the command line, where they are visible in the process list.

Recommendations
For XCloner plugin version 3.1.1 for WordPress, consider restricting access to the command line interface to minimize the risk of exploitation. For XCloner plugin version 3.5.1 for Joomla!, avoid using the plugin until a patch is available that properly secures the MySQL username and password. As a temporary workaround, consider disabling the XCloner plugin until a secure version is released.
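
The exposure described above, next to a form that keeps the secret out of the process list, as an added example (not XCloner's code and not part of the original advisory). It assumes the backup command is a MySQL client such as mysqldump, which accepts `--defaults-extra-file`; the user name, password and database name are constructed.

```shell
#!/bin/sh
# Added example; user, password and database names are constructed.

# Write MySQL client credentials to an owner-only option file, print its path.
# printf is a shell builtin, so the secret never appears in any process argv.
write_mysql_defaults() {
    old_umask=$(umask)
    umask 077                                   # 0600 from the moment of creation
    file=$(mktemp "${TMPDIR:-/tmp}/mycnf.XXXXXX") || { umask "$old_umask"; return 1; }
    # Assumes the password needs no option-file quoting (no '#', quotes, spaces).
    printf '[client]\nuser=%s\npassword=%s\n' "$1" "$2" > "$file"
    umask "$old_umask"
    printf '%s\n' "$file"
}

# Return 0 when an argument list carries a MySQL password (-pSECRET or
# --password=SECRET), i.e. what any local user could read with ps.
argv_leaks_password() {
    for arg in "$@"; do
        case $arg in
            --password=?*|-p?*) return 0 ;;
        esac
    done
    return 1
}

# Weak form, as the advisory describes: secret is visible in the process list.
if argv_leaks_password mysqldump -uwp_user -pS3cret-example wordpress; then
    echo "weak: password exposed in argv"
fi

# Hardened form: the client reads credentials from the 0600 file instead.
# --defaults-extra-file must be the first option on the command line.
cnf=$(write_mysql_defaults wp_user 'S3cret-example') || exit 1
if ! argv_leaks_password mysqldump --defaults-extra-file="$cnf" wordpress; then
    echo "hardened: no password in argv"
fi
rm -f "$cnf"
```

The option file should be removed once the dump finishes, as the last line does, so the credentials do not persist on disk.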

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CVE-2014-8607

Affected products

Mysql Server
Xcloner