Vulnerability Details CVE-2015-20067
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
Exploit prediction scoring system (EPSS) score
EPSS Score 0.154
EPSS Ranking 94.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb
- https://seclists.org/fulldisclosure/2015/Jul/73
- https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a
- https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb
- https://seclists.org/fulldisclosure/2015/Jul/73
- https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a
Products affected by CVE-2015-20067
-
cpe:2.3:a:wp_attachment_export_project:wp_attachment_export:-
-
cpe:2.3:a:wp_attachment_export_project:wp_attachment_export:0.1.0
-
cpe:2.3:a:wp_attachment_export_project:wp_attachment_export:0.2.0
-
cpe:2.3:a:wp_attachment_export_project:wp_attachment_export:0.2.1
-
cpe:2.3:a:wp_attachment_export_project:wp_attachment_export:0.2.2
-
cpe:2.3:a:wp_attachment_export_project:wp_attachment_export:0.2.3