Search criteria
2 vulnerabilities found for WP Attachment Export by Unknown
CVE-2015-20067 (GCVE-0-2015-20067)
Vulnerability from cvelistv5 – Published: 2021-11-01 08:45 – Updated: 2024-08-06 08:58
VLAI?
Title
WP Attachment Export < 0.2.4 - Unauthenticated Posts Download
Summary
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Attachment Export |
Affected:
0.2.4 , < 0.2.4
(custom)
|
Credits
Nitin Venkatesh
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Attachment Export",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.2.4",
"status": "affected",
"version": "0.2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nitin Venkatesh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T08:45:50",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Attachment Export \u003c 0.2.4 - Unauthenticated Posts Download",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2015-20067",
"STATE": "PUBLIC",
"TITLE": "WP Attachment Export \u003c 0.2.4 - Unauthenticated Posts Download"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Attachment Export",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.2.4",
"version_value": "0.2.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nitin Venkatesh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2015/Jul/73",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"name": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb",
"refsource": "MISC",
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"name": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2015-20067",
"datePublished": "2021-11-01T08:45:50",
"dateReserved": "2021-10-26T00:00:00",
"dateUpdated": "2024-08-06T08:58:26.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-20067 (GCVE-0-2015-20067)
Vulnerability from nvd – Published: 2021-11-01 08:45 – Updated: 2024-08-06 08:58
VLAI?
Title
WP Attachment Export < 0.2.4 - Unauthenticated Posts Download
Summary
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Attachment Export |
Affected:
0.2.4 , < 0.2.4
(custom)
|
Credits
Nitin Venkatesh
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Attachment Export",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.2.4",
"status": "affected",
"version": "0.2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nitin Venkatesh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T08:45:50",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Attachment Export \u003c 0.2.4 - Unauthenticated Posts Download",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2015-20067",
"STATE": "PUBLIC",
"TITLE": "WP Attachment Export \u003c 0.2.4 - Unauthenticated Posts Download"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Attachment Export",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.2.4",
"version_value": "0.2.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nitin Venkatesh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2015/Jul/73",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"name": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb",
"refsource": "MISC",
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"name": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2015-20067",
"datePublished": "2021-11-01T08:45:50",
"dateReserved": "2021-10-26T00:00:00",
"dateUpdated": "2024-08-06T08:58:26.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}