Wp Ultimate Exporter
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-11000 | Cri | 0.64 | 9.8 | 0.02 | Sep 20, 2019 | The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | ||
| CVE-2024-56278 | Cri | 0.59 | 9.1 | 0.02 | Jan 7, 2025 | Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.1. | ||
| CVE-2025-2332 | Cri | 0.57 | 9.8 | 0.01 | Mar 27, 2025 | The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for… | ||
| CVE-2018-20968 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2019 | The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. | ||
| CVE-2025-24611 | Med | 0.32 | 4.9 | 0.01 | Jan 24, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows Absolute Path Traversal.This issue affects WP Ultimate Exporter: from n/a through <= 2.9. |
- risk 0.64cvss 9.8epss 0.02
The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.
- risk 0.59cvss 9.1epss 0.02
Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.1.
- risk 0.57cvss 9.8epss 0.01
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for…
- risk 0.57cvss 8.8epss 0.01
The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.
- risk 0.32cvss 4.9epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows Absolute Path Traversal.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.