CVE-2021-24780

Name of the Vulnerable Software and Affected Versions: The Single Post Exporter WordPress plugin versions 1.1.1 and earlier

Description: The issue concerns a lack of CSRF checks when saving settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This could give access to the export feature to any role, such as a subscriber. Subscriber users would then be able to export an arbitrary post/page, including private and password-protected ones, via a direct URL.

Recommendations: For The Single Post Exporter WordPress plugin versions 1.1.1 and earlier, consider disabling the settings saving feature until a patch is available to prevent CSRF attacks. Restrict access to the export feature to minimize the risk of exploitation. Avoid using direct URLs for exporting posts/pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.