Lucene search
K

45 matches found

OSV
OSV
added 2026/04/10 7:50 p.m.2 views

GHSA-VJ8V-P5VW-M6V5 xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern

Summary A path traversal vulnerability in XRootD allows users to escape the exported directory scope and enumerate the contents of the parent directory by appending /.. specifically without trailing slash to an exported path in xrdfs ls or HTTP PROPFIND requests. This bypass ignores the all.expor...

5.3CVSS5.9AI score
Exploits0References4
Patchstack
Patchstack
added 2026/02/18 8:49 p.m.8 views

WordPress WP All Export plugin <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling vulnerability

Unauthenticated Sensitive Information Exposure via PHP Type Juggling vulnerability discovered by Vincent Theriault-Laine in WordPress Plugin Export any WordPress data to XML/CSV versions = 1.4.14...

3.7CVSS5.6AI score0.00287EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/18 1:16 p.m.5 views

CVE-2026-1582

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison == instead of strict...

3.7CVSS0.00287EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/18 12:28 p.m.6 views

CVE-2026-1582 WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison == instead of strict...

3.7CVSS5.6AI score0.00287EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

WordPress plugin WP All Export 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

3.7CVSS5.8AI score0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-20386

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison == instead of strict...

3.7CVSS5.6AI score0.00287EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 4:6 a.m.10 views

CVE-2023-4724

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...

7.2CVSS7AI score0.01151EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 1:19 a.m.10 views

CVE-2022-3394

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

7.2CVSS7.7AI score0.01307EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 p.m.12 views

CVE-2022-3395

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...

8.8CVSS8.1AI score0.00945EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/09 3:22 p.m.21 views

CVE-2024-7419

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

8.8CVSS7.6AI score0.00612EPSS
Exploits0References1
OSV
OSV
added 2025/02/07 5:15 p.m.2 views

CVE-2024-7425

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...

7.2CVSS5.9AI score0.00392EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/07 4:21 p.m.19 views

CVE-2024-7425 WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbtirary Options Update

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...

6.8CVSS7.5AI score0.00392EPSS
Exploits0References2
CVE
CVE
added 2025/02/07 4:21 p.m.57 views

CVE-2024-7425

CVE-2024-7425 (WP All Export Pro

7.2CVSS7.2AI score0.00392EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/02/07 4:21 p.m.40 views

CVE-2024-7425 WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbtirary Options Update

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...

6.8CVSS0.00392EPSS
Exploits0References2
NVD
NVD
added 2025/02/07 4:15 p.m.49 views

CVE-2024-7419

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

8.8CVSS0.00612EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/07 3:21 p.m.12 views

CVE-2024-7419 WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

8.3CVSS9AI score0.00612EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/07 3:21 p.m.42 views

CVE-2024-7419 WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

8.3CVSS0.00612EPSS
Exploits0References2
CVE
CVE
added 2025/02/07 3:21 p.m.71 views

CVE-2024-7419

CVE-2024-7419: WP All Export Pro for WordPress (versions up to 1.9.1) is vulnerable to unauthenticated remote code execution via the custom export fields due to missing input validation/sanitization of user-provided data. This can allow an attacker to inject PHP code that executes on the server d...

8.8CVSS7.7AI score0.00612EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2025/02/03 11:51 p.m.5 views

WordPress WP All Export Pro plugin < 1.9.2 - Authenticated (Shop Manager+) Remote Code Execution vulnerability

Authenticated Shop Manager+ Remote Code Execution vulnerability discovered by ? in WordPress Plugin WP ALL Export Pro versions 1.9.2...

7.2CVSS7.5AI score0.00392EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/12/18 8:15 p.m.4 views

CVE-2023-4724

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...

7.2CVSS5.9AI score0.01151EPSS
Exploits2References1
Rows per page
Query Builder