Lucene search
HistoryDec 18, 2023 - 8:15 p.m.
CVE-2023-4724
wordpress
plugin
arbitrary command
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.3%
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wp_query parameter which allows an attacker to run arbitrary command on the remote server
Affected configurations
Node
soflyyexport_any_wordpress_data_to_xml\/csvRange<1.4.0wordpress
ORsoflyywp_all_exportRange<1.8.6prowordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| soflyy | export_any_wordpress_data_to_xml\/csv | * | cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml\/csv:*:*:*:*:*:wordpress:*:* |
| soflyy | wp_all_export | * | cpe:2.3:a:soflyy:wp_all_export:*:*:*:*:pro:wordpress:*:* |
Related
prion
prion
Command injection
2023-12-18 20:15:00
cve
cve
CVE-2023-4724
2023-12-18 20:15:08
wpvulndb
wpvulndb
WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE
2023-11-21 00:00:00
wpexploit
wpexploit
WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE
2023-11-21 00:00:00
cvelist
cvelist
CVE-2023-4724 WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE
2023-12-18 20:08:04
wordfence
wordfence
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.3%
Related for NVD:CVE-2023-4724