Description

WordPress Plugin WP ALL Export Pro is prone to multiple vulnerabilities, including SQL injection and arbitrary code execution vulnerabilities. Exploiting these issues could allow an attacker to access or modify data, to execute arbitrary commands with the privileges of the user running the application, to compromise the application or the underlying database, or to compromise a vulnerable system. WordPress Plugin WP ALL Export Pro version 1.7.8 is vulnerable; prior versions may also be affected.

Remediation

Disable and remove the plugin until a fix is available

References

https://github.com/p3n7a90n/WPPluginsVulnerabilitiesReported/tree/main/wp-all-export-pro/CodeInjection

https://github.com/p3n7a90n/WPPluginsVulnerabilitiesReported/tree/main/wp-all-export-pro/SQLInjection

Related Vulnerabilities

MySQL CVE-2021-35597 Vulnerability (CVE-2021-35597)

WordPress Plugin BuddyPress Multiple Cross-Site Request Forgery Vulnerabilities (2.8.1)

TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-19849)

WordPress Plugin Campaign Press Cross-Site Scripting (1.0.5)

WordPress Plugin Gutenberg Template Library & Redux Framework Cross-Site Request Forgery (4.1.20)

Severity

High

Classification

CVE-2022-3394 CVE-2022-3395 CWE-89 CWE-94 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update