Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:DDE047B7-DB53-4194-9955-5F1307DCCFF5
HistoryJan 14, 2022 - 12:00 a.m.

WP Import Export < 3.9.16 - Unauthenticated Sensitive Data Disclosure

2022-01-1400:00:00
wpscan.com
19
sensitive data disclosure
unauthenticated access
capability check

EPSS

0.002

Percentile

61.6%

JSON

The plugins are vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data.

Related

patchstack 2
githubexploit 1
nvd 1
prion 1
cve 1
cvelist 1
patchstack
patchstack
WordPress WP Import Export Lite plugin <= 3.9.15 - Unauthenticated Sensitive Data Disclosure vulnerability
2022-01-14 00:00:00
WordPress WP Import Export premium plugin <= 3.9.15 - Unauthenticated Sensitive Data Disclosure vulnerability
2022-01-14 00:00:00
githubexploit
githubexploit
Exploit for Missing Authorization in Vjinfotech Wp Import Export
2022-01-16 09:52:28
nvd
nvd
CVE-2022-0236
2022-01-18 17:15:10
prion
prion
Design/Logic Flaw
2022-01-18 17:15:00
cve
cve
CVE-2022-0236
2022-01-18 17:15:10
cvelist
cvelist
CVE-2022-0236 WP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data Disclosure
2022-01-18 16:52:22

EPSS

0.002

Percentile

61.6%

JSON
Related for WPVDB-ID:DDE047B7-DB53-4194-9955-5F1307DCCFF5
patchstack2githubexploit1nvd1prion1cve1cvelist1