17 matches found
CVE-2022-2711
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vect...
PT-2023-30383 · WordPress · Wp All Export Pro +1
Name of the Vulnerable Software and Affected Versions: Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0; WP All Export Pro WordPress plugin versions prior to 1.8.6. Description: The issue concerns the lack of validation and sanitization of the wp_query parameter, allowi...
WordPress Export any WordPress data to XML/CSV Plugin < 1.4.0 is vulnerable to Remote Code Execution (RCE)
Software: Export any WordPress data to XML/CSV; Type: Plugin; Vulnerable versions: 1.4.0; Fixed in: 1.4.0; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2023-4724; Patch priority: Low; CVSS severity: Low 9.1; PSID: 6a309d1d1825; Credits: Francesco Marano...
CVE-2022-36386
Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress...
WordPress Import any XML or CSV File plugin arbitrary file upload vulnerability
WordPress is a blogging platform developed using the PHP language. WordPress Import any XML or CSV File plugin versions prior to 3.6.8 are vulnerable to arbitrary file uploads, which originate from accepting all zip files and automatically extracting the zip file without validating the extracted...
PT-2022-15625 · WordPress · Import Any Xml/Csv File To Wordpress
Name of the Vulnerable Software and Affected Versions: Import any XML or CSV File to WordPress plugin versions prior to 3.6.8. Description: The issue allows high privilege users, such as admins, to upload arbitrary files, including PHP files, by accepting all zip files and automatically extracting...
WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability
Authenticated Arbitrary Code Execution vulnerability discovered by Universe Patchstack Alliance in WordPress Import any XML or CSV File to WordPress plugin versions <= 3.6.7. Solution: Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version (at least 3.6.8)...
WordPress Export any WordPress data to XML/CSV plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2022-1800
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...
CVE-2022-1800 Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...
WordPress plugin Export any WordPress data to XML/CSV SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress Export any WordPress data to XML/CSV plugin <= 1.3.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Export any WordPress data to XML/CSV plugin versions <= 1.3.5. Solution: Update the WordPress Export any WordPress data to XML/CSV plugin to the latest available version (at least 1.3.6)...
Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection
The plugin does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. 1. Go to the All Export New Export screen in the WordPress admin. 2. Now click on Specific Post Type Posts. 3. Click now on Migrate Posts an...
WordPress Export any WordPress data to XML/CSV plugin <= 1.3.4 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Asif Nawaz Minhas in WordPress Export any WordPress data to XML/CSV plugin versions <= 1.3.4. Solution: Update the WordPress Export any WordPress data to XML/CSV plugin to the latest available version (at least 1.3.5)...
CVE-2021-24714
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24708 WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...