
22 matches found

RedhatCVE
added 2025/05/23 4:6 a.m. · 9 views

CVE-2023-4724

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 and the WP All Export Pro WordPress plugin before 1.8.6 do not validate and sanitise the wpquery parameter, which allows an attacker to run arbitrary commands on the remote server...

7.2 CVSS · 7 AI score · 0.01151 EPSS
Exploits: 2
RedhatCVE
added 2025/05/23 1:19 a.m. · 9 views

CVE-2022-3394

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged-in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

7.2 CVSS · 7.7 AI score · 0.01307 EPSS
Exploits: 2 · References: 1
RedhatCVE
added 2025/05/22 10:9 p.m. · 12 views

CVE-2022-3395

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...

8.8 CVSS · 8.1 AI score · 0.00945 EPSS
Exploits: 2 · References: 1
RedhatCVE
added 2025/02/09 3:22 p.m. · 20 views

CVE-2024-7419

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

8.8 CVSS · 7.6 AI score · 0.0057 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/02/07 4:21 p.m. · 19 views

CVE-2024-7425 WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbitrary Options Update

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...

6.8 CVSS · 7.5 AI score · 0.00376 EPSS
Exploits: 0 · References: 2
Cvelist
added 2025/02/07 4:21 p.m. · 34 views

CVE-2024-7425 WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbitrary Options Update

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...

6.8 CVSS · 0.00376 EPSS
Exploits: 0 · References: 2
CVE
added 2025/02/07 4:21 p.m. · 56 views

CVE-2024-7425

CVE-2024-7425 (WP All Export Pro

7.2 CVSS · 7.2 AI score · 0.00376 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2025/02/07 4:15 p.m. · 37 views

CVE-2024-7419

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

8.8 CVSS · 0.0057 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/02/07 3:21 p.m. · 10 views

CVE-2024-7419 WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

8.3 CVSS · 9 AI score · 0.0057 EPSS
Exploits: 0 · References: 2
Cvelist
added 2025/02/07 3:21 p.m. · 40 views

CVE-2024-7419 WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

8.3 CVSS · 0.0057 EPSS
Exploits: 0 · References: 2
CVE
added 2025/02/07 3:21 p.m. · 68 views

CVE-2024-7419

CVE-2024-7419: WP All Export Pro for WordPress (versions up to 1.9.1) is vulnerable to unauthenticated remote code execution via the custom export fields due to missing input validation/sanitization of user-provided data. This can allow an attacker to inject PHP code that executes on the server d...

8.8 CVSS · 7.7 AI score · 0.0057 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Patchstack
added 2023/11/24 12:0 a.m. · 13 views

WordPress WP ALL Export Pro Plugin < 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP ALL Export Pro; Type: Plugin; Vulnerable versions: 1.8.6; Fixed in: 1.8.6; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5886; Patch priority: Low; CVSS severity: Low 9.6; PSID: e2621499c15e; Credits: Alex Sanford; Require...

8.8 CVSS · 7 AI score · 0.0055 EPSS
Exploits: 2 · References: 2 · Affected Software: 1
NVD
added 2022/10/25 5:15 p.m. · 24 views

CVE-2022-3394

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged-in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

7.2 CVSS · 0.01307 EPSS
Exploits: 2 · References: 1
Prion
added 2022/10/25 5:15 p.m. · 20 views

Code injection

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged-in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

5.8 CVSS · 7.2 AI score · 0.01307 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
CVE
added 2022/10/25 12:0 a.m. · 263 views

CVE-2022-3395

Affected software: WP All Export Pro WordPress plugin (pre-1.7.9). Vulnerability summary: The plugin directly uses the contents of the cc_sql POST parameter as a database query, enabling SQL injection when an authorized user (by default Administrator, but permissions can be delegated) runs export...

8.8 CVSS · 8.9 AI score · 0.00945 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
added 2022/10/25 12:0 a.m. · 30 views

CVE-2022-3394 WP All Export Pro < 1.7.9 - Authenticated Code Injection

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged-in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

7.5 AI score · 0.01307 EPSS
Exploits: 2 · References: 1
Vulnrichment
added 2022/10/25 12:0 a.m. · 9 views

CVE-2022-3394 WP All Export Pro < 1.7.9 - Authenticated Code Injection

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged-in user who has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

7.3 AI score · 0.01307 EPSS
Exploits: 2 · References: 1
Vulnrichment
added 2022/10/25 12:0 a.m. · 10 views

CVE-2022-3395 WP All Export Pro < 1.7.9 - Authenticated SQLi

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...

8.9 AI score · 0.00945 EPSS
Exploits: 2 · References: 1
Positive Technologies
added 2022/10/25 12:0 a.m. · 5 views

PT-2022-21926 · WordPress · Wp All Export Pro

Name of the Vulnerable Software and Affected Versions: WP All Export Pro versions prior to 1.7.9 Description: The issue allows any logged-in user with export privileges to execute arbitrary code on the site, despite the default restriction to administrators. This is because the plugin does not...

7.2 CVSS · 7.3 AI score · 0.01307 EPSS
Exploits: 2 · References: 4
CVE
added 2022/10/25 12:0 a.m. · 135 views

CVE-2022-3394

Summary: CVE-2022-3394 affects the WP All Export Pro WordPress plugin. The vulnerability exists in versions before 1.7.9 and stems from insufficient access control during exports, where non-admin users with export privileges can trigger arbitrary code execution on the site. The issue is triggered...

7.2 CVSS · 7.3 AI score · 0.01307 EPSS
Exploits: 2 · References: 1 · Affected Software: 1