Sensitive Data: Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
Identifier:
wordpress_social_metrics_tracker
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner |
|---|---|---|
Description
The lack of proper authorisation when exporting data from the plugin could allow unauthenticated users to get information about the posts and pages of the blog, including their authors' usernames and emails.
Reference:
Configuration
Example
Example configuration:
---
security_tests:
  wordpress_social_metrics_tracker:
    assets_allowed:
      - REST
      - GRAPHQL
      - WEBAPP
    skip: false
Reference
assets_allowed
Type : List[AssetType]*
List of assets that this check will cover.
skip
Type : boolean
Skip the test if true.