ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Ghost Plugin 0.5.5 - Unrestricted Export Download

Product
Ghost
Description
Because of this vulnerability, anyone can download the Ghost Export file from the website, because an admin user is not correctly checked.
Solution
Update the plugin.
Classification
Type Arbitrary File Download
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 0.5.5
Fixed In 0.5.6
Disclosure date
2016-05-02
Credits
Josh Brody