3 matches found
CVE-2022-3395 WP All Export Pro < 1.7.9 - Authenticated SQLi
The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...
CVE-2022-3395 WP All Export Pro < 1.7.9 - Authenticated SQLi
The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...
CVE-2022-3395
Affected software: WP All Export Pro WordPress plugin (pre-1.7.9). Vulnerability summary: The plugin directly uses the contents of the cc_sql POST parameter as a database query, enabling SQL injection when an authorized user (by default Administrator, but permissions can be delegated) runs export...