Vulnerability Description
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wp Attachment Export Project | Wp Attachment Export | < 0.2.4 |
Related Weaknesses (CWE)
References
- https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wExploitThird Party Advisory
- https://seclists.org/fulldisclosure/2015/Jul/73ExploitMailing ListThird Party Advisory
- https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793aExploitThird Party Advisory
- https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wExploitThird Party Advisory
- https://seclists.org/fulldisclosure/2015/Jul/73ExploitMailing ListThird Party Advisory
- https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793aExploitThird Party Advisory
FAQ
What is CVE-2015-20067?
CVE-2015-20067 is a vulnerability with a CVSS score of 7.5 (HIGH). The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on ...
How severe is CVE-2015-20067?
CVE-2015-20067 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-20067?
Check the references section above for vendor advisories and patch information. Affected products include: Wp Attachment Export Project Wp Attachment Export.