Vulnerabilities > CVE-2015-20067 - Missing Authorization vulnerability in WP Attachment Export Project WP Attachment Export

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wp-attachment-export-project

CWE-862

NVD

Published: 2021-11-01

Updated: 2021-11-03

Summary

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress

Vulnerable Configurations

Part	Description	Count
Application	Wp_Attachment_Export_Project WP Attachment Export Project WP Attachment Export - WP Attachment Export Project WP Attachment Export 0.1.0 WP Attachment Export Project WP Attachment Export 0.2.0 WP Attachment Export Project WP Attachment Export 0.2.1 WP Attachment Export Project WP Attachment Export 0.2.2 WP Attachment Export Project WP Attachment Export 0.2.3	6

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References