Unrated severityNVD Advisory· Published Nov 1, 2021· Updated Aug 6, 2024

WP Attachment Export < 0.2.4 - Unauthenticated Posts Download

CVE-2015-20067

Description

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/WP Attachment Exportdescription
WordPress/WP Attachment Exportllm-create
Range: <0.2.4

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rbmitrex_refsource_MISC
seclists.org/fulldisclosure/2015/Jul/73mitrex_refsource_MISC
wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793amitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000