2 matches found
CVE-2015-20067 WP Attachment Export < 0.2.4 - Unauthenticated Posts Download
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress...
CVE-2015-20067
CVE-2015-20067 affects the WordPress WP Attachment Export plugin prior to v0.2.4. The vulnerability arises from improper access controls that allow unauthenticated users to download an XML data set containing details of attachments and posts (and, in some disclosures, plaintext passwords for pass...