The Export any WordPress data to XML/CSV WordPress plugin prior to 1.4.0 and the WP All Export Pro WordPress plugin prior to 1.8.6 do not validate and sanitise the `wp_query` parameter, which allows a malicious user to run arbitrary commands on the remote server.
Vulnerable Product |
---|
soflyy export any wordpress data to xml/csv |
soflyy wp all export |