Vulnerabilities > CVE-2015-20067 - Unspecified vulnerability in WP Attachment Export Project WP Attachment Export
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
Vulnerable Configurations
References
- https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb
- https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb
- https://seclists.org/fulldisclosure/2015/Jul/73
- https://seclists.org/fulldisclosure/2015/Jul/73
- https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a
- https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a