Vulnerabilites related to Unknown - WP Attachment Export
CVE-2015-20067 (GCVE-0-2015-20067)
Vulnerability from cvelistv5
Published
2021-11-01 08:45
Modified
2024-08-06 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Attachment Export |
Version: 0.2.4 < 0.2.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Attachment Export",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.2.4",
"status": "affected",
"version": "0.2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nitin Venkatesh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T08:45:50",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Attachment Export \u003c 0.2.4 - Unauthenticated Posts Download",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2015-20067",
"STATE": "PUBLIC",
"TITLE": "WP Attachment Export \u003c 0.2.4 - Unauthenticated Posts Download"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Attachment Export",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.2.4",
"version_value": "0.2.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nitin Venkatesh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2015/Jul/73",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"name": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb",
"refsource": "MISC",
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"name": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2015-20067",
"datePublished": "2021-11-01T08:45:50",
"dateReserved": "2021-10-26T00:00:00",
"dateUpdated": "2024-08-06T08:58:26.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}