CVE-2023-45387

In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::addDataToDb...

CVE-2023-4724

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...

CVE-2022-3394

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

CVE-2022-3395

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...

CVE-2024-7419

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

CVE-2024-7425

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...

CVE-2024-7425 WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbtirary Options Update

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...

CVE-2024-7425

CVE-2024-7425 (WP All Export Pro

CVE-2024-7425 WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbtirary Options Update

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...

CVE-2024-7419

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

CVE-2024-7419

CVE-2024-7419: WP All Export Pro for WordPress (versions up to 1.9.1) is vulnerable to unauthenticated remote code execution via the custom export fields due to missing input validation/sanitization of user-provided data. This can allow an attacker to inject PHP code that executes on the server d...

CVE-2024-7419 WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

CVE-2024-7419 WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

WordPress plugin WP ALL Export Pro 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability...

PT-2025-5995 · WordPress · Wp All Export Pro

Name of the Vulnerable Software and Affected Versions: WP ALL Export Pro plugin for WordPress versions up to, and including, 1.9.1 Description: The issue allows authenticated attackers with Shop Manager-level access and above to update arbitrary options on the WordPress site due to improper user...

WordPress WP All Export Pro plugin < 1.9.2 - Authenticated (Shop Manager+) Remote Code Execution vulnerability

Authenticated Shop Manager+ Remote Code Execution vulnerability discovered by ? in WordPress Plugin WP ALL Export Pro versions 1.9.2...

PrestaShop Orders Export PRO Security Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop Orders Export PRO v.6.0.2 and prior versions, which originated...

CVE-2023-4724

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...

WordPress Plugin WP All Export Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin WP All Export Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...