VYPR

Export All Urls

by WordPress

CVEs (7)

  • CVE-2026-2696MedApr 1, 2026
    risk 0.34cvss 5.3epss 0.00

    The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any…

  • CVE-2023-3118Jul 10, 2023
    risk 0.00cvss epss 0.00

    The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2022-27856May 10, 2023
    risk 0.00cvss epss 0.00

    Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <= 4.1 versions.

  • CVE-2022-2638Aug 29, 2022
    risk 0.00cvss epss 0.01

    The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server

  • CVE-2022-29452Jun 15, 2022
    risk 0.00cvss epss 0.00

    Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress.

  • CVE-2022-0914Apr 11, 2022
    risk 0.00cvss epss 0.01

    The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and…

  • CVE-2022-0892Apr 11, 2022
    risk 0.00cvss epss 0.01

    The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting