CVE-2015-20067

Description

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress

Affected Software
References

Software	From	Fixed in
wp_attachment_export_project / wp_attachment_export	-	0.2.4

https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb
https://seclists.org/fulldisclosure/2015/Jul/73
https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a

Severity: High

CVE: CVE-2015-20067
Published: Nov 1, 2021
Updated: Apr 13, 2023
Exploit:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-862

CVE-2015-20067

Description

Details

CVSS v3

CVSS v2

CWEs