CVE-2024-3597

Name of the Vulnerable Software and Affected Versions Export WP Page to Static HTML/CSS plugin for WordPress versions up to, and including, 2.2.2

Description The issue is due to insufficient validation on the redirect url supplied via the rc exported zip file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Recommendations For versions up to, and including, 2.2.2, consider disabling the functionality that uses the rc exported zip file parameter until a patch is available. As a temporary workaround, restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the rc exported zip file parameter in the affected plugin until the issue is resolved.