PT-2026-29473 · WordPress · Export All Urls
Mohammad Aghdasi
·
Published
2026-04-01
·
Updated
2026-04-01
·
CVE-2026-2696
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Export All URLs WordPress plugin versions prior to 5.1
Description
The Export All URLs WordPress plugin versions before 5.1 creates CSV filenames with predictable patterns based on post URLs, including those for private posts. These files are saved in the publicly accessible 'wp-content/uploads/' directory, allowing unauthenticated users to potentially access sensitive data by brute-forcing the filenames.
Recommendations
Update the Export All URLs WordPress plugin to version 5.1 or later.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Export All Urls