All-in-One WP Migration <= 2.0.4 - Unauthenticated Database Export
Description | Unauthenticated users can export a complete copy of the WordPress database, all plugins, themes, and uploaded files. |
Affects Plugin
fixed in version 2.0.5
|
References
METASPLOIT | auxiliary/gather/wp_all_in_one_migration_export |
URL | http://www.pritect.net/blog/all-in-one-wp-migration-2-0-4-security-vulnerability |
Classification
Type | AUTHBYPASS |
OWASP Top 10 | A2: Broken Authentication and Session Management |
CWE | CWE-287 |
Miscellaneous
Submitter | James Golovich |
Submitter Website | http://www.pritect.net |
Submitter Twitter | Pritect |
Views | 2610 |
Verified | Yes |
WPVDB ID | 7857 |
Timeline
Publicly Published | 2015-03-19 (almost 4 years ago) |
Added | 2015-03-19 (almost 4 years ago) |
Last Updated | 2018-08-29 (6 months ago) |
Copyright & License
Copyright | All data and resources contained within this page and this web site is Copyright © The WPScan Team. |
License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |