Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for wp_attachment_export by wp_attachment_export_project
CVE-2015-20067 (GCVE-0-2015-20067)
Vulnerability from cvelistv5 – Published: 2021-11-01 08:45 – Updated: 2024-08-06 08:58
VLAI
Title
WP Attachment Export < 0.2.4 - Unauthenticated Posts Download
Summary
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2015/Jul/73 | x_refsource_MISC |
| https://github.com/espreto/wpsploit/blob/master/m… | x_refsource_MISC |
| https://wpscan.com/vulnerability/d1a9ed65-baf3-4c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Attachment Export |
Affected:
0.2.4 , < 0.2.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Attachment Export",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.2.4",
"status": "affected",
"version": "0.2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nitin Venkatesh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T08:45:50.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Attachment Export \u003c 0.2.4 - Unauthenticated Posts Download",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2015-20067",
"STATE": "PUBLIC",
"TITLE": "WP Attachment Export \u003c 0.2.4 - Unauthenticated Posts Download"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Attachment Export",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.2.4",
"version_value": "0.2.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nitin Venkatesh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2015/Jul/73",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"name": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb",
"refsource": "MISC",
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"name": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2015-20067",
"datePublished": "2021-11-01T08:45:50.000Z",
"dateReserved": "2021-10-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:58:26.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-20067 (GCVE-0-2015-20067)
Vulnerability from nvd – Published: 2021-11-01 08:45 – Updated: 2024-08-06 08:58
VLAI
Title
WP Attachment Export < 0.2.4 - Unauthenticated Posts Download
Summary
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2015/Jul/73 | x_refsource_MISC |
| https://github.com/espreto/wpsploit/blob/master/m… | x_refsource_MISC |
| https://wpscan.com/vulnerability/d1a9ed65-baf3-4c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Attachment Export |
Affected:
0.2.4 , < 0.2.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Attachment Export",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.2.4",
"status": "affected",
"version": "0.2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nitin Venkatesh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T08:45:50.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Attachment Export \u003c 0.2.4 - Unauthenticated Posts Download",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2015-20067",
"STATE": "PUBLIC",
"TITLE": "WP Attachment Export \u003c 0.2.4 - Unauthenticated Posts Download"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Attachment Export",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.2.4",
"version_value": "0.2.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nitin Venkatesh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2015/Jul/73",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2015/Jul/73"
},
{
"name": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb",
"refsource": "MISC",
"url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
},
{
"name": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2015-20067",
"datePublished": "2021-11-01T08:45:50.000Z",
"dateReserved": "2021-10-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:58:26.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}