The Church Admin WordPress plugin prior to 3.4.135 does not have authorisation and CSRF checks in some of its actions and requested files, allowing unauthenticated malicious users to repeatedly request the "refresh-backup" action while simultaneously requesting a publicly accessible temporary file generated by the plugin, in order to disclose the final backup filename; that file can then be fetched by the malicious user to download the backup of the plugin's DB data.
Vulnerable Product |
---|
church admin project church admin |