{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5905", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-11-01T08:43:31.363Z", "datePublished": "2024-01-15T15:10:43.450Z", "dateUpdated": "2024-08-02T08:14:24.630Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-01-15T15:10:43.450Z"}, "title": "DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "DeMomentSomTres WordPress Export Posts With Images", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "20220825"}], "defaultStatus": "affected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts."}], "references": [{"url": "https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ceefd3f", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Krzysztof Zaj\u0105c", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.630Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ceefd3f", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:demomentsomtres:export_posts_with_images:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D2E1FCE5-C116-4DC7-A9C4-EF8CB85ED2A2", "versionEndIncluding": "20220825", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts."}, {"lang": "es", "value": "El complemento de WordPress DeMomentSomTres WordPress Export Posts With Images hasta 20220825 no verifica la autorizaci\u00f3n de las solicitudes para exportar los datos del blog, lo que permite que cualquier usuario que haya iniciado sesi\u00f3n, como los suscriptores, exporte el contenido del blog, incluidas las publicaciones restringidas y no publicadas, as\u00ed como las contrase\u00f1as. de puestos protegidos."}], "id": "CVE-2023-5905", "lastModified": "2024-01-19T17:58:36.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-15T16:15:12.180", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ceefd3f"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}