The Export any WordPress data to XML/CSV WordPress plugin prior to 1.4.0, WP All Export Pro WordPress plugin prior to 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
soflyy wp all export |
||
soflyy export any wordpress data to xml\\/csv |