WordPress Plugin Vulnerabilities
Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure
Description
The plugin did not check for user capability in the dmm_export_donations() function, allowing any authenticated user to export a CSV file containing all donors' personal information.
Proof of Concept
GET /wp-admin/admin-post.php?action=dmm_export
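To check whether the export endpoint above was requested on a site that ran a version before 2.8.5, the web server access log can be searched for it. The script below is an added example, not part of the original advisory or the plugin; it assumes Combined Log Format, and the function name find_export_requests and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_export_requests(lines):
    """Return log entries that called admin-post.php with action=dmm_export."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        url = urlsplit(m["target"])
        # endswith() also covers WordPress installed in a subdirectory.
        if not url.path.endswith("/wp-admin/admin-post.php"):
            continue
        # parse_qs percent-decodes values and ignores parameter order.
        actions = parse_qs(url.query).get("action", [])
        if "dmm_export" not in actions:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        hits.append({
            "ip": m["ip"], "time": m["time"],
            "status": int(m["status"]), "bytes": size,
            # A 200 response with a body suggests a CSV was returned.
            "served": m["status"] == "200" and size > 0,
        })
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jan/2021:10:15:02 +0000] "GET /wp-admin/admin-post.php?action=dmm_export HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [20/Jan/2021:10:16:40 +0000] "GET /blog/wp-admin/admin-post.php?foo=1&action=dmm%5Fexport HTTP/1.1" 200 48213 "-" "curl/7.68.0"',
    '198.51.100.9 - - [24/Jan/2021:09:01:11 +0000] "GET /wp-admin/admin-post.php?action=dmm_export HTTP/1.1" 403 - "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Jan/2021:10:18:00 +0000] "GET /wp-admin/admin-post.php?action=other_action HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Jan/2021:10:19:30 +0000] "GET /index.php?action=dmm_export HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_export_requests(SAMPLE_LOG):
        print(hit)
```

Entries with "served" set are the ones to correlate with the logged-in account's role, since the access log alone does not record which WordPress user made the request.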
Affects Plugins
References
Classification
Type
ACCESS CONTROLS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Jerome Bruandet (nintechnet)
Verified
No
WPVDB ID
Timeline
Publicly Published
2021-01-22 (about 3 years ago)
Added
2021-01-22 (about 3 years ago)
Last Updated
2021-01-23 (about 3 years ago)