CVE-2022-1800

Name of the Vulnerable Software and Affected Versions Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.3.5

Description The issue arises from the lack of sanitization of the cpt POST parameter when exporting post data, which is then used in a database query. This leads to an SQL injection vulnerability.

Recommendations For versions prior to 1.3.5, update to version 1.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the export functionality to minimize the risk of exploitation. Avoid using the cpt parameter in the affected endpoint until the issue is resolved.