PT-2022-21926 · WordPress · Wp All Export Pro

Sanjay Das · Published 2022-10-25 · Updated 2025-05-07 · CVE-2022-3394

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WP All Export Pro versions prior to 1.7.9

Description

The issue allows any logged-in user with export privileges to execute arbitrary code on the site, despite the default restriction to administrators. This is because the plugin does not limit certain functionality during exports to users with the Administrator role.

Recommendations

For versions prior to 1.7.9, update to version 1.7.9 or later to resolve the issue. As a temporary workaround, consider removing export privileges from lower-privileged users until the update is applied.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2022-3394

Affected Products: Wp All Export Pro