CVE-2015-20067

Опубликовано: 01 нояб. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress

Ссылки

https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb
Exploit
Third Party Advisory
https://seclists.org/fulldisclosure/2015/Jul/73
Exploit
Mailing List
Third Party Advisory
https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a
Exploit
Third Party Advisory
https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb
Exploit
Third Party Advisory
https://seclists.org/fulldisclosure/2015/Jul/73
Exploit
Mailing List
Third Party Advisory
https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp_attachment_export_project:wp_attachment_export:*:*:*:*:*:wordpress:*:*

Версия до 0.2.4 (исключая)

EPSS

Процентиль: 95%

0.19119

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-7579-vg8j-qmq7

github

больше 3 лет назад