Description
WordPress Plugin WP ALL Export Pro is prone to multiple vulnerabilities, including SQL injection and arbitrary code execution vulnerabilities. Exploiting these issues could allow an attacker to access or modify data, to execute arbitrary commands with the privileges of the user running the application, to compromise the application or the underlying database, or to compromise a vulnerable system. WordPress Plugin WP ALL Export Pro version 1.7.8 is vulnerable; prior versions may also be affected.
Remediation
Disable and remove the plugin until a fix is available
References
Related Vulnerabilities
phpMyAdmin 7PK - Security Features Vulnerability (CVE-2015-7873)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6131)
WordPress Plugin Event Registration 'event_id' Parameter SQL Injection (5.44)
WordPress Plugin Social Share Icons & Social Share Buttons Security Bypass (2.4.5)