Overview
A recently discovered vulnerability, identified as CVE-2023-5905, has been found to affect the DeMomentSomTres WordPress Export Posts With Images WordPress plugin. This vulnerability could potentially allow any logged-in user to export sensitive blog data, including unpublished posts and even passwords of protected posts. The implications of this vulnerability are significant as it could lead to a system compromise or data leakage, which could, in turn, result in privacy breaches, reputational damage, and potential legal implications.
Vulnerability Summary
CVE ID: CVE-2023-5905
Severity: High, CVSS Score 8.1
Attack Vector: Network
Privileges Required: Low (Any logged-in user)
User Interaction: Required
Impact: Potential system compromise or data leakage
Affected Products
Share secrets securely
Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.
Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.
- • Encrypted identity
- • Private Spaces for organizations and teams
- • End-to-end encrypted chat, calls, files, and notes
- • Sensitive AI work and protected collaboration
- • Built for information that cannot leak
Our mission is to secure human work alongside AI.
Product | Affected Versions
DeMomentSomTres WordPress Export Posts With Images Plugin | Versions through 20220825
How the Exploit Works
The vulnerability arises from the fact that the DeMomentSomTres WordPress Export Posts With Images plugin does not check the authorization of requests to export blog data. As a result, any logged-in user, including subscribers, can export blog content. This means that even restricted and unpublished posts, as well as passwords of protected posts, are susceptible to being exported and accessed.
Conceptual Example Code
In a potential exploitation scenario, a malicious user could send a post request to the plugin’s export endpoint. Here is a conceptual example of this:
POST /wp-content/plugins/export-posts-with-images/export.php HTTP/1.1
Host: vulnerable-site.com
Content-Type: application/x-www-form-urlencoded
Cookie: wordpress_logged_in_[hash]=malicious_user_log_in_token
action=export&post_type=post&start_date=20220101&end_date=20221231In the above example, the malicious user uses their login token (obtained by any means) to make a POST request to the export endpoint of the plugin. They specify the `action` parameter as `export` and select the `post_type` as `post`, indicating they want to export blog posts. They also specify a date range to select posts from that period.
Mitigation Guidance
To mitigate this vulnerability, users of the DeMomentSomTres WordPress Export Posts With Images plugin are advised to apply the vendor patch as soon as it becomes available. In the meantime, users should consider using a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) as temporary mitigation.