DeMomentSomTres WordPress Export Posts With Images <= 20220825 – Subscriber+ unauthorized data export | CVE 2023-5905

Description

The plugin does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts.

Proof of Concept

https://example.com/wp-admin/admin.php?dms3export=1

Affects Plugins

demomentsomtres-wp-export

No known fix

References

CVE

CVE-2023-5905

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://cert.pl

Submitter twitter

cert_polska_en

Verified

Yes

WPVDB ID

f94e91ef-1773-476c-9945-37e89ceefd3f

Timeline

Publicly Published

2023-12-21 (about 4 months ago)

Added

2023-12-21 (about 4 months ago)

Last Updated

2023-12-21 (about 4 months ago)

Other

Published

Title

Published

2024-01-31

Title

PropertyHive < 2.0.7 - Missing Authorization via activate_pro_feature

Published

2024-04-08

Title

Premmerce Product Filter for WooCommerce < 3.7.3 - Missing Authorization

Published

2024-04-22

Title

Podlove Podcast Publisher < 4.0.15 - Cross-Site Request Forgery

Published

2024-01-31

Title

NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.5.7 - Missing Authorization via set_read()

Published

2022-09-05

Title

WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion