This security bulletin contains one medium risk vulnerability.
The vulnerability allows a remote authenticated user to gain access to sensitive information.
The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.Mitigation
Install update from vendor's website.Vulnerable software versions
Ghost: 0.5.0 - 0.5.5Fixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?