Vulnerability CVE-2022-0914


Published: 2022-04-11

Description:
The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Atlasgondal -> Export all urls 

 References:
https://wpscan.com/vulnerability/c328be28-75dd-43db-a5b9-c1ba0636c930

Copyright 2023, cxsecurity.com

 

Back to Top