51 matches found
PT-2022-21926 · WordPress · Wp All Export Pro
Name of the Vulnerable Software and Affected Versions: WP All Export Pro versions prior to 1.7.9 Description: The issue allows any logged-in user with export privileges to execute arbitrary code on the site, despite the default restriction to administrators. This is because the plugin does not...
WordPress plugin WP All Export Pro 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection vulnerability exists ...
CVE-2022-3394 WP All Export Pro < 1.7.9 - Authenticated Code Injection
The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...
CVE-2022-3395 WP All Export Pro < 1.7.9 - Authenticated SQLi
The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...
WordPress plugin WP All Export Pro SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
CVE-2022-3395
Affected software: WP All Export Pro WordPress plugin (pre-1.7.9). Vulnerability summary: The plugin directly uses the contents of the cc_sql POST parameter as a database query, enabling SQL injection when an authorized user (by default Administrator, but permissions can be delegated) runs export...
CVE-2022-3394
Summary: CVE-2022-3394 affects the WP All Export Pro WordPress plugin. The vulnerability exists in versions before 1.7.9 and stems from insufficient access control during exports, where non-admin users with export privileges can trigger arbitrary code execution on the site. The issue is triggered...
CVE-2022-3394 WP All Export Pro < 1.7.9 - Authenticated Code Injection
The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...
WP ALL Export Pro < 1.7.9 - Authenticated SQLi
The plugin uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports...
WordPress WP ALL Export Pro plugin <= 1.7.8 - Authenticated Code Injection vulnerability
Authenticated Code Injection vulnerability discovered by Sanjay Das in WordPress WP ALL Export Pro plugin versions = 1.7.8. Solution Update the WordPress WP ALL Export Pro plugin to the latest available version at least 1.7.9...
WordPress WP ALL Export Pro premium plugin <= 1.7.8 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Sanjay Das in WordPress WP ALL Export Pro premium plugin versions = 1.7.8. Solution Update the WordPress WP ALL Export Pro plugin to the latest available version at least 1.7.9...