3 matches found
CVE-2022-3394
The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...
CVE-2022-3394 WP All Export Pro < 1.7.9 - Authenticated Code Injection
The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...
CVE-2022-3394
Summary: CVE-2022-3394 affects the WP All Export Pro WordPress plugin. The vulnerability exists in versions before 1.7.9 and stems from insufficient access control during exports, where non-admin users with export privileges can trigger arbitrary code execution on the site. The issue is triggered...