Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbSanjay DasWPVDB-ID:3266EB59-A8B2-4A5A-AB48-01A9AF631B2C
HistoryOct 03, 2022 - 12:00 a.m.

WP ALL Export Pro < 1.7.9 - Authenticated Code Injection

2022-10-0300:00:00
Sanjay Das
wpscan.com
9
wordpress
plugin
code injection
authenticated
vulnerability

EPSS

0.001

Percentile

48.5%

JSON

The plugin does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users.

PoC

https://github.com/p3n7a90n/WPPluginsVulnerabilitiesReported/tree/main/wp-all-export-pro/CodeInjection

Related

nvd 1
cve 1
patchstack 1
cvelist 1
wpexploit 1
prion 1
nvd
nvd
CVE-2022-3394
2022-10-25 17:15:57
cve
cve
CVE-2022-3394
2022-10-25 17:15:57
patchstack
patchstack
WordPress WP ALL Export Pro plugin <= 1.7.8 - Authenticated Code Injection vulnerability
2022-10-03 00:00:00
cvelist
cvelist
CVE-2022-3394 WP All Export Pro < 1.7.9 - Authenticated Code Injection
2022-10-25 00:00:00
wpexploit
wpexploit
WP ALL Export Pro < 1.7.9 - Authenticated Code Injection
2022-10-03 00:00:00
prion
prion
Code injection
2022-10-25 17:15:00

EPSS

0.001

Percentile

48.5%

JSON
Related for WPVDB-ID:3266EB59-A8B2-4A5A-AB48-01A9AF631B2C
nvd1cve1patchstack1cvelist1wpexploit1prion1