Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export

By kannthu

Medium
Vidoc Module
#wordpress #wp-plugin #wp #unauth #wpscan
Description

What is the "Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export" module?

The "Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export" module is designed to detect a vulnerability in the Social Metrics Tracker WordPress plugin. This plugin allows website owners to track social media metrics for their posts and pages. The module targets version 1.6.8 and below of the plugin and identifies the presence of an unauthorised data export vulnerability. The severity of this vulnerability is classified as medium.

This module was authored by randomrobbie.

Impact

The lack of proper authorization when exporting data from the Social Metrics Tracker plugin could allow unauthenticated users to access sensitive information about the blog's posts and pages. This includes details such as the author's username and email address.

How does the module work?

The module works by sending a specific HTTP request to a WordPress site that runs the Social Metrics Tracker plugin. The request path is "/wp-admin/admin-ajax.php?page=social-metrics-tracker-export&smt_download_export_file=1". The module then applies matching conditions to the response to determine whether the vulnerability is present.

The matching conditions for this module are as follows:

- The response body must contain the phrase "Main URL to Post".
- The HTTP response status code must be 200.

If both conditions are met, the module will report the vulnerability.

For more information, you can refer to the WPScan vulnerability report.
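
To see whether this request has already reached a site, the module's path and query parameters can be searched for in the web server's access log. The following is an added example, not part of the Vidoc module or the original page; it assumes Combined Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges), not taken from a real site.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?page=social-metrics-tracker-export&smt_download_export_file=1 HTTP/1.1" 200 48213 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Mar/2024:10:02:10 +0000] "GET /blog/wp-admin/admin-ajax.php?smt_download_export_file=1&page=social%2Dmetrics%2Dtracker%2Dexport HTTP/1.1" 200 51877 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:03:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:04:30 +0000] "GET /wp-admin/admin-ajax.php?page=social-metrics-tracker-export&smt_download_export_file=1 HTTP/1.1" 403 162 "-" "curl/8.0"',
]

def is_export_request(target):
    """True if the request target carries the path and parameters the module sends."""
    parts = urlsplit(target)
    if not unquote(parts.path).endswith("/wp-admin/admin-ajax.php"):
        return False
    # parse_qs decodes percent-encoding, so parameter order and encoding do not matter.
    query = parse_qs(parts.query, keep_blank_values=True)
    # Assumption: flag the download parameter whatever its value; the page only shows =1.
    return ("social-metrics-tracker-export" in query.get("page", [])
            and "smt_download_export_file" in query)

def find_export_hits(lines):
    """Return one dict per log line where the export request was answered with 200."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "200":
            continue
        if is_export_request(m["target"]):
            size = 0 if m["size"] == "-" else int(m["size"])
            hits.append({"ip": m["ip"], "time": m["time"], "bytes": size})
    return hits

if __name__ == "__main__":
    for hit in find_export_hits(SAMPLE_LOG):
        print(hit)
```

The access log does not record the response body, so the "Main URL to Post" condition cannot be confirmed from it; the byte count is kept so that large 200 responses can be reviewed first.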

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-admin/admin-ajax...
Matching conditions
word: Main URL to Post
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability