High severity8.8NVD Advisory· Published Oct 25, 2022· Updated Jun 17, 2026
CVE-2022-3395
CVE-2022-3395
Description
The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.7.9
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/10742154-368a-40be-a67d-80ea848493a0nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.