VYPR

Wp Ultimate Exporter

by WordPress

Source repositories

CVEs (5)

  • CVE-2016-11000CriSep 20, 2019
    risk 0.64cvss 9.8epss 0.02

    The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.

  • CVE-2024-56278CriJan 7, 2025
    risk 0.59cvss 9.1epss 0.02

    Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.1.

  • CVE-2025-2332CriMar 27, 2025
    risk 0.57cvss 9.8epss 0.01

    The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for…

  • CVE-2018-20968HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.

  • CVE-2025-24611MedJan 24, 2025
    risk 0.32cvss 4.9epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows Absolute Path Traversal.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.