3 matches found
CVE-2026-9712
CVE-2026-9712 concerns the pretix API where exporting creates a UUID for the export job and later a download request uses that UUID. The root cause is that one API endpoint did not verify that the download UUID actually corresponds to a file that is downloadable and belongs to the correct user. T...
CVE-2026-1582 WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling
The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison == instead of strict...
CVE-2026-1582
The vulnerability CVE-2026-1582 affects the WordPress plugin WP All Export up to version 1.4.14 . A PHP type juggling flaw in the security token comparison (loose ==) allows an unauthenticated attacker to bypass authentication via “magic hash” values when the MD5 prefix matches the pattern ^0e\d+...