7 matches found
CVE-2022-3395
Affected software: WP All Export Pro WordPress plugin (pre-1.7.9). Vulnerability summary: The plugin directly uses the contents of the cc_sql POST parameter as a database query, enabling SQL injection when an authorized user (by default Administrator, but permissions can be delegated) runs export...
CVE-2022-3394
Summary: CVE-2022-3394 affects the WP All Export Pro WordPress plugin. The vulnerability exists in versions before 1.7.9 and stems from insufficient access control during exports, where non-admin users with export privileges can trigger arbitrary code execution on the site. The issue is triggered...
CVE-2023-5882
CVE-2023-5882 concerns two WordPress plugins: Export any WordPress data to XML/CSV (free) and WP All Export Pro. Public records state both are vulnerable to CSRF due to insufficient nonce validation in early request processing, enabling an attacker to cause a logged-in user (and per some sources,...
CVE-2023-4724
CVE-2023-4724 affects WP All Export (free) < 1.4.0 and WP All Export Pro
CVE-2023-5886
CVE-2023-5886 affects the WP All Export (Free < 1.4.1) and WP All Export Pro (
CVE-2024-7419
CVE-2024-7419: WP All Export Pro for WordPress (versions up to 1.9.1) is vulnerable to unauthenticated remote code execution via the custom export fields due to missing input validation/sanitization of user-provided data. This can allow an attacker to inject PHP code that executes on the server d...
CVE-2024-7425
CVE-2024-7425 (WP All Export Pro