CVE-2023-5905

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

T

he DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts.

References

Link	Resource
https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ceefd3f	Exploit Third Party Advisory
https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ceefd3f	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:demomentsomtres:export_posts_with_images:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:42

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ceefd3f - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ceefd3f - Exploit, Third Party Advisory

Information

Published : 2024-01-15 16:15

Updated : 2025-06-20 17:15

NVD link : CVE-2023-5905

Mitre link : CVE-2023-5905

CVE.ORG link : CVE-2023-5905

JSON object : View

Products Affected

demomentsomtres

export_posts_with_images

CWE

CWE-862

Missing Authorization

{"id": "CVE-2023-5905", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-01-15T16:15:12.180", "references": [{"url": "https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ceefd3f", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ceefd3f", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts."}, {"lang": "es", "value": "El complemento de WordPress DeMomentSomTres WordPress Export Posts With Images hasta 20220825 no verifica la autorizaci\u00f3n de las solicitudes para exportar los datos del blog, lo que permite que cualquier usuario que haya iniciado sesi\u00f3n, como los suscriptores, exporte el contenido del blog, incluidas las publicaciones restringidas y no publicadas, as\u00ed como las contrase\u00f1as. de puestos protegidos."}], "lastModified": "2025-06-20T17:15:38.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:demomentsomtres:export_posts_with_images:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D2E1FCE5-C116-4DC7-A9C4-EF8CB85ED2A2", "versionEndIncluding": "20220825"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}