Improper access control

2019-09-1715:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.2%

The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.

CPENameOperatorVersion
ghostlt0.5.6

CPE	Name	Operator	Version
	ghost	lt	0.5.6

References

packetstormsecurity.com/files/136887/

wordpress.org/plugins/ghost/