Ddipa

**Name of the Vulnerable Software and Affected Versions** Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0 WP All Export Pro WordPress plugin versions prior to 1.8.6 **Description** The issue concerns the lack of validation and sanitization of the `wp query` parameter, allowing an attacker to execute arbitrary commands on the remote server. **Recommendations** For Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0, update to version 1.4.0 or later. For WP All Export Pro WordPress plugin versions prior to 1.8.6, update to version 1.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0 WP All Export Pro WordPress plugin versions prior to 1.8.6 **Description** The issue allows attackers to make logged-in users perform unwanted actions, leading to remote code execution. This is due to the plugins not checking nonce tokens early enough in the request lifecycle. **Recommendations** For Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0, update to version 1.4.0 or later. For WP All Export Pro WordPress plugin versions prior to 1.8.6, update to version 1.8.6 or later.