WordPress Ghost Plugin 0.5.5 - Unrestricted Export Download

ID EDB-ID:39752
Type exploitdb
Reporter Josh Brody
Modified 2016-05-02T00:00:00


WordPress Ghost Plugin 0.5.5 - Unrestricted Export Download. Webapps exploit for php platform

# Exploit Title: WordPress Export to Ghost Unrestricted Export Download
# Date: 28-04-2016
# Software Link: https://wordpress.org/plugins/ghost
# Exploit Author: Josh Brody
# Contact: http://twitter.com/joshmn
# Website: http://josh.mn/
# Category: webapps
1. Description
Any visitor can download the Ghost Export file because the plugin fails to check that the request comes from a properly authenticated admin user. Assume all versions < 0.5.6 are vulnerable.
2. Proof of Concept


File will be downloaded.
3. Solution

Update to version 0.5.6.
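
The missing check described in section 1, shown as a general WordPress pattern next to a handler that enforces it. This is an added example, not the Ghost plugin's code or its 0.5.6 fix; the example_* function names, the example_export parameter, the nonce action and the export payload are hypothetical.

```php
<?php
/**
 * Plugin Name: Example export guard (added illustration, not the Ghost plugin)
 * All example_* names and the example_export parameter are hypothetical.
 */
defined( 'ABSPATH' ) || exit;

// Constructed stand-in for an export: it includes drafts and private posts,
// which is why the download has to be restricted.
function example_send_export_file() {
    $posts = get_posts( array( 'numberposts' => -1, 'post_status' => 'any' ) );
    nocache_headers();
    header( 'Content-Type: application/json; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="example-export.json"' );
    echo wp_json_encode( wp_list_pluck( $posts, 'post_title', 'ID' ) );
}

// BEFORE: the pattern the advisory describes. The handler trusts the request
// parameter and never asks who is making the request. Left unregistered here.
function example_export_unchecked() {
    if ( isset( $_GET['example_export'] ) ) {
        example_send_export_file();
        exit;
    }
}

// AFTER: same trigger, but authorization and request intent are verified first.
function example_export_checked() {
    if ( ! isset( $_GET['example_export'] ) ) {
        return;
    }
    // Authorization: core 'export' capability (administrators by default).
    if ( ! current_user_can( 'export' ) ) {
        wp_die( 'You are not allowed to export this site.', '', array( 'response' => 403 ) );
    }
    // CSRF: the download link must be built with wp_nonce_url() for this action;
    // check_admin_referer() stops the request if the nonce is missing or invalid.
    check_admin_referer( 'example_export_action' );
    example_send_export_file();
    exit;
}
// admin_init also fires for admin-ajax.php and admin-post.php without a login,
// so the hook alone is not access control; the checks above are.
add_action( 'admin_init', 'example_export_checked' );
```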