CVE-2022-0236
CVE-2022-0236 affects the WordPress plugin WP Import Export (free & premium) up to version 3.9.15. The root cause is a missing capability check in the download function wpie_process_file_download (in ~/includes/classes/class-wpie-general.php), allowing unauthenticated attackers to disclose sensit...