Sensitive Data: Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export

Identifier: wordpress_social_metrics_tracker

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

WordPress Social Metrics Tracker plugin lacks proper authorization for data export, allowing unauthenticated users to access post and page information including author usernames and emails.

How we test: We test for unauthorized data export vulnerabilities in WordPress Social Metrics Tracker by attempting to access export endpoints without authentication and analyzing responses to detect if sensitive data is exposed.

Reference:

Configuration

Example

Example configuration:

---
security_tests:
  wordpress_social_metrics_tracker:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.