VYPR

Export any WordPress data to XML/CSV

by WordPress

CVEs (5)

  • CVE-2023-5886HigDec 18, 2023
    risk 0.57cvss 8.8epss 0.01

    The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted…

  • CVE-2023-5882HigDec 18, 2023
    risk 0.57cvss 8.8epss 0.01

    The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code…

  • CVE-2023-4724HigDec 18, 2023
    risk 0.47cvss 7.2epss 0.01

    The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an attacker to run arbitrary command on the remote server

  • CVE-2022-1800HigJun 13, 2022
    risk 0.47cvss 7.2epss 0.01

    The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.

  • CVE-2021-24708MedNov 8, 2021
    risk 0.31cvss 4.8epss 0.01

    The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is…