Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbUnlock SecurityWPVDB-ID:72BE4B5C-21BE-46AF-A3F4-08B4C190A7E2
HistoryNov 21, 2023 - 12:00 a.m.

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF

2023-11-2100:00:00
Unlock Security
wpscan.com
7
wp all export
remote code execution
csrf
nonce check
vulnerability
wordpress plugin
security
phpinfo()

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

49.2%

JSON

Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution.

PoC

Submit the following form as a Super Admin (notice that it does not contain a nonce). Despite the error, visit /wp-admin/admin.php?page=pmxe-admin-export&amp;action;=template to see the output of phpinfo().

Related

prion 1
cvelist 1
cve 1
wpexploit 1
nvd 1
wordfence 1
prion
prion
Remote code execution
2023-12-18 20:15:00
cvelist
cvelist
CVE-2023-5882 WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF
2023-12-18 20:08:04
cve
cve
CVE-2023-5882
2023-12-18 20:15:08
wpexploit
wpexploit
WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF
2023-11-21 00:00:00
nvd
nvd
CVE-2023-5882
2023-12-18 20:15:08
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023)
2023-11-30 15:31:16

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

49.2%

JSON
Related for WPVDB-ID:72BE4B5C-21BE-46AF-A3F4-08B4C190A7E2
prion1cvelist1cve1wpexploit1nvd1wordfence1