Lucene search
K

51 matches found

Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.6 views

PT-2022-21926 · WordPress · Wp All Export Pro

Name of the Vulnerable Software and Affected Versions: WP All Export Pro versions prior to 1.7.9 Description: The issue allows any logged-in user with export privileges to execute arbitrary code on the site, despite the default restriction to administrators. This is because the plugin does not...

7.2CVSS7.3AI score0.01307EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.6 views

WordPress plugin WP All Export Pro 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection vulnerability exists ...

7.2CVSS7.6AI score0.01307EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2022/10/25 12:0 a.m.10 views

CVE-2022-3394 WP All Export Pro < 1.7.9 - Authenticated Code Injection

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

7.3AI score0.01307EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/10/25 12:0 a.m.11 views

CVE-2022-3395 WP All Export Pro < 1.7.9 - Authenticated SQLi

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...

8.9AI score0.00945EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.5 views

WordPress plugin WP All Export Pro SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

8.8CVSS8.1AI score0.00945EPSS
Exploits2References2
CVE
CVE
added 2022/10/25 12:0 a.m.267 views

CVE-2022-3395

Affected software: WP All Export Pro WordPress plugin (pre-1.7.9). Vulnerability summary: The plugin directly uses the contents of the cc_sql POST parameter as a database query, enabling SQL injection when an authorized user (by default Administrator, but permissions can be delegated) runs export...

8.8CVSS8.9AI score0.00945EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/10/25 12:0 a.m.138 views

CVE-2022-3394

Summary: CVE-2022-3394 affects the WP All Export Pro WordPress plugin. The vulnerability exists in versions before 1.7.9 and stems from insufficient access control during exports, where non-admin users with export privileges can trigger arbitrary code execution on the site. The issue is triggered...

7.2CVSS7.3AI score0.01307EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/10/25 12:0 a.m.34 views

CVE-2022-3394 WP All Export Pro < 1.7.9 - Authenticated Code Injection

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

7.5AI score0.01307EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/10/03 12:0 a.m.15 views

WP ALL Export Pro < 1.7.9 - Authenticated SQLi

The plugin uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports...

8.8CVSS3.1AI score0.00945EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/10/03 12:0 a.m.57 views

WordPress WP ALL Export Pro plugin <= 1.7.8 - Authenticated Code Injection vulnerability

Authenticated Code Injection vulnerability discovered by Sanjay Das in WordPress WP ALL Export Pro plugin versions = 1.7.8. Solution Update the WordPress WP ALL Export Pro plugin to the latest available version at least 1.7.9...

7.2CVSS2.6AI score0.01307EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/10/03 12:0 a.m.35 views

WordPress WP ALL Export Pro premium plugin <= 1.7.8 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Sanjay Das in WordPress WP ALL Export Pro premium plugin versions = 1.7.8. Solution Update the WordPress WP ALL Export Pro plugin to the latest available version at least 1.7.9...

8.8CVSS2.4AI score0.00945EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder