CVE-2015-20067

HIGH NUCLEI

WP Attachment Export < 0.2.4 - Missing Authorization

Title source: rule

Description

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress

Nuclei Templates (1)

WP Attachment Export < 0.2.4 - Unrestricted File Download

HIGHVERIFIEDby r3Y3r53

References (3)

[Exploit, Third Party Advisory] https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb

View Exploit ZIP pw:eip

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2015/Jul/73

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a

Scores

CVSS v3 7.5

EPSS 0.1912

EPSS Percentile 95.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-862

Status published

Products (1)

wp_attachment_export_project/wp_attachment_export < 0.2.4

Published Nov 01, 2021

Tracked Since Feb 18, 2026