CVE-2023-5905

HIGH

DeMomentSomTres Export Posts With Images < 20220825 - Missing Authorization for Blog Data Export

Title source: llm
STIX 2.1

Description

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts.

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ceefd3f

Scores

CVSS v3 8.1
EPSS 0.0058
EPSS Percentile 43.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
demomentsomtres/export_posts_with_images < 20220825
Published Jan 15, 2024
Tracked Since Feb 18, 2026