CVE-2024-13232

Name of the Vulnerable Software and Affected Versions WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin versions up to, and including, 4.1.1

Description The issue is related to arbitrary SQL execution and privilege escalation due to a missing capability check on the renderImport() function. This allows authenticated attackers with Subscriber-level access and above to execute arbitrary SQL statements, potentially creating a new administrative user account.

Recommendations For versions up to, and including, 4.1.1, update to a version that includes a fix for the missing capability check in the renderImport() function to prevent arbitrary SQL execution and privilege escalation.