Feedback Modal for Website WordPress Plugin Missing Capability Check Vulnerability Allowing Data Export
Vulnerability
The Feedback Modal for Website plugin for WordPress is vulnerable in all versions through 1.0.1. The 'handle_export' function is missing a capability check, so it does not verify that the requester is permitted to export feedback data. As a result, unauthenticated attackers can export all feedback information in CSV or JSON format by using the 'export_data' parameter.
Impact
Exploitation of this vulnerability allows for unauthorized access to feedback data, which could be misused for spam or phishing attempts, or to gather personal information from users.
Reproduction
To reproduce this vulnerability, send a request to the WordPress site with the 'export_data' parameter included. The 'export_type' parameter can also be specified to choose the export format (CSV or JSON).
Remediation
No known patch is available for this vulnerability. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
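With no patch available, the first thing to establish is whether an export has already been requested. The following is an added example, not code from the plugin or from this advisory: it scans web server access logs for requests carrying the 'export_data' parameter. It assumes the combined log format and that the parameter appears in the query string (parameters sent in a request body are not recorded in access logs). The sample lines, paths and parameter values are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_export_requests(lines):
    """Return one record per logged request whose query string has export_data."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        url = urlsplit(m["target"])
        # Parse parameter names instead of grepping, so a site search for the
        # text "export_data" (e.g. ?s=export_data) is not reported.
        query = parse_qs(url.query, keep_blank_values=True)
        if "export_data" not in query:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "path": url.path,
            "export_type": query.get("export_type", [""])[0].lower(),
            "status": status,
            "bytes": size,
            # A 200 response with a body is what a completed export looks like.
            "served": status == 200 and size > 0,
        })
    return hits

# Constructed sample lines (documentation IP ranges, made-up paths and sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2025:10:01:02 +0000] "GET /?export_data=1&export_type=json HTTP/1.1" 200 48213 "-" "curl/8.5.0"',
    '198.51.100.4 - - [12/Mar/2025:10:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2025:10:03:40 +0000] "GET /?export_data=1&export_type=CSV HTTP/1.1" 403 199 "-" "curl/8.5.0"',
    '198.51.100.4 - - [12/Mar/2025:10:04:00 +0000] "GET /?s=export_data HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_export_requests(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true is a candidate for a completed export and should be treated as possible disclosure of the stored feedback data; a 403 on the same parameter indicates that a blocking rule in front of the site is taking effect.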
