VYPR
Unrated severityNVD Advisory· Published Apr 11, 2022· Updated Aug 2, 2024

Export All URLs < 4.3 - Private/Draft Post/Page Title Disclosure via CSRF

CVE-2022-0914

Description

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.