PT-2023-30383 · WordPress · Wp All Export Pro+1

Ddipa +3 · Published 2023-12-18 · Updated 2023-12-21 · CVE-2023-4724

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0
WP All Export Pro WordPress plugin versions prior to 1.8.6

Description

The issue concerns the lack of validation and sanitization of the wp query parameter, allowing an attacker to execute arbitrary commands on the remote server.

Recommendations

For Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0, update to version 1.4.0 or later.
For WP All Export Pro WordPress plugin versions prior to 1.8.6, update to version 1.8.6 or later.

Exploit

Fix

Related Identifiers

CVE-2023-4724

Affected Products

Export Any Wordpress Data To Xml/Csv
Wp All Export Pro