PT-2023-30383 · WordPress · Wp All Export Pro+1

Ddipa

Publicado

2023-12-18

Atualizado

2023-12-21

CVE-2023-4724

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0 WP All Export Pro WordPress plugin versions prior to 1.8.6

Description The issue concerns the lack of validation and sanitization of the wp query parameter, allowing an attacker to execute arbitrary commands on the remote server.

Recommendations For Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0, update to version 1.4.0 or later. For WP All Export Pro WordPress plugin versions prior to 1.8.6, update to version 1.8.6 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-4724

Produtos afetados

Export Any Wordpress Data To Xml/Csv

Wp All Export Pro

PT-2023-30383 · WordPress · Wp All Export Pro+1

CVE-2023-4724

Identificadores relacionados

Produtos afetados

Referências · 4