CVE-2024-7425

Name of the Vulnerable Software and Affected Versions WP ALL Export Pro plugin for WordPress versions up to, and including, 1.9.1

Description The issue allows authenticated attackers with Shop Manager-level access and above to update arbitrary options on the WordPress site due to improper user input validation and sanitization. This can be leveraged to update the default role for registration to administrator and enable user registration, allowing attackers to gain administrative user access to a vulnerable site.

Recommendations For WP ALL Export Pro plugin for WordPress versions up to, and including, 1.9.1, update to a version later than 1.9.1 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for users with Shop Manager-level access and above until a patch is available.