Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbSanjay DasWPVDB-ID:10742154-368A-40BE-A67D-80EA848493A0
HistoryOct 03, 2022 - 12:00 a.m.

WP ALL Export Pro < 1.7.9 - Authenticated SQLi

2022-10-0300:00:00
Sanjay Das
wpscan.com
6
wp all export pro
sql injection
plugin vulnerability
authenticated
arbitrary sql
administrator role

0.001 Low

EPSS

Percentile

37.9%

JSON

The plugin uses the contents of the cc_sql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well.

PoC

https://github.com/p3n7a90n/WPPluginsVulnerabilitiesReported/tree/main/wp-all-export-pro/SQLInjection

CPENameOperatorVersion
wp-all-export-prolt1.7.9

Related

cvelist 1
wpexploit 1
cve 1
nvd 1
patchstack 1
prion 1
cvelist
cvelist
CVE-2022-3395 WP All Export Pro < 1.7.9 - Authenticated SQLi
2022-10-25 00:00:00
wpexploit
wpexploit
WP ALL Export Pro < 1.7.9 - Authenticated SQLi
2022-10-03 00:00:00
cve
cve
CVE-2022-3395
2022-10-25 17:15:57
nvd
nvd
CVE-2022-3395
2022-10-25 17:15:57
patchstack
patchstack
WordPress WP ALL Export Pro premium plugin <= 1.7.8 - Authenticated SQL Injection (SQLi) vulnerability
2022-10-03 00:00:00
prion
prion
Sql injection
2022-10-25 17:15:00

0.001 Low

EPSS

Percentile

37.9%

JSON
Related for WPVDB-ID:10742154-368A-40BE-A67D-80EA848493A0
cvelist1wpexploit1cve1nvd1patchstack1prion1