Import Users From CSV with Meta 1.15 - Unauthorised Authenticated Users Export



Description
The export_users_csv function, registered as an authenticated AJAX call and allowing to export users, was missing the authorisation/capability check. CSRF check was in place, reducing the severity of the issue.

Only version 1.15 seems to be affected as the export functionality is a new feature introduced by it.

Affects Plugin

fixed in version 1.15.0.1

References

URL https://plugins.trac.wordpress.org/changeset/2220481

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Views 141704
Verified No
WPVDB ID 10003

Timeline

Publicly Published 2020-01-01 (6 months ago)
Added 2020-01-03 (6 months ago)
Last Updated 2020-01-03 (6 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin