Vigil@nce - WordPress WP Ultimate CSV Importer: information disclosure
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can download the database via WordPress WP Ultimate
CSV Importer, in order to obtain sensitive information.
– Impacted products: WordPress Plugins
– Severity: 2/4
– Creation date: 02/02/2015
DESCRIPTION OF THE VULNERABILITY
The WP Ultimate CSV Importer plugin can be installed on WordPress.
However, an attacker can call the export.php script to obtain a
database dump.
An attacker can therefore download the database via WordPress WP
Ultimate CSV Importer, in order to obtain sensitive information.
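To check whether export.php has already been requested on a site, the following added example (not part of the Vigil@nce bulletin or the plugin's code) scans web server access logs in Combined Log Format. It assumes the script sits somewhere below wp-content/plugins/; the plugin directory name, the sample log lines and the 10,000-byte threshold are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Assumption: the plugin's export.php lives somewhere below wp-content/plugins/.
EXPORT_RE = re.compile(r'/wp-content/plugins/[^/]+/(?:[^/]+/)*export\.php$', re.I)

# Constructed sample lines (documentation IPs, hypothetical plugin directory name).
SAMPLE_LOG = [
    '198.51.100.4 - - [02/Feb/2015:10:14:55 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [02/Feb/2015:10:15:02 +0000] "GET /wp-content/plugins/example-plugin-dir/export.php HTTP/1.1" 200 4821933',
    '203.0.113.7 - - [02/Feb/2015:10:15:09 +0000] "GET /wp-content/plugins/example-plugin-dir//%65xport.php?x=1 HTTP/1.1" 200 4821933',
    '192.0.2.9 - - [02/Feb/2015:11:02:41 +0000] "GET /wp-content/plugins/example-plugin-dir/export.php HTTP/1.1" 403 199',
    '198.51.100.4 - admin [02/Feb/2015:11:30:00 +0000] "GET /wp-admin/export.php HTTP/1.1" 200 88211',
]

def find_export_hits(lines, min_bytes=10_000):
    """Return one record per request that reached a plugin export.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        # Normalise before matching: drop the query string, decode
        # percent-escapes, collapse repeated slashes.
        path = re.sub(r'/{2,}', '/', unquote(urlsplit(m['target']).path))
        if not EXPORT_RE.search(path):
            continue
        status = int(m['status'])
        size = 0 if m['size'] == '-' else int(m['size'])
        hits.append({
            'ip': m['ip'], 'time': m['time'], 'path': path,
            'status': status, 'bytes': size,
            # A 200 with a large body is consistent with a dump having been served.
            'likely_dump': status == 200 and size >= min_bytes,
        })
    return hits

if __name__ == '__main__':
    for hit in find_export_hits(SAMPLE_LOG):
        print(hit)
```

Any record with likely_dump set should be treated as a possible disclosure of the database contents, which means rotating stored credentials and keys in addition to removing or updating the plugin.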
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-WP-Ultimate-CSV-Importer-information-disclosure-16096