CVE-2015-20067
N/A
N/A
Summary
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WP Attachment Export | 0.2.4 < 0.2.4 | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://seclists.org/fulldisclosure/2015/Jul/73
- https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb
- https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a
References
- https://seclists.org/fulldisclosure/2015/Jul/73
- https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb
- https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.