PT-2022-21932 · Unknown · Wp All Export Pro

Sanjay Das · Published 2022-10-25 · Updated 2022-10-26 · CVE-2022-3395

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WP All Export Pro versions prior to 1.7.9

Description

The issue allows users with permission to run exports to execute arbitrary SQL statements due to the direct use of the cc_sql POST parameter as a database query. This affects users who have been given permission to perform exports, which by default includes only users with the Administrator role, but can also include lower privileged users if such permissions are delegated.

Recommendations

For versions prior to 1.7.9, update to version 1.7.9 or later to resolve the issue. As a temporary workaround, consider restricting the permission to run exports to only the Administrator role until the update is applied.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-3395

Affected Products

Wp All Export Pro