WordPress Plugin Vulnerabilities

WP ALL Export Pro < 1.7.9 - Authenticated Code Injection

Description

The plugin does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users.

Proof of Concept

https://github.com/p3n7a90n/WPPluginsVulnerabilitiesReported/tree/main/wp-all-export-pro/CodeInjection

Affects Plugins

wp-all-export-pro

Fixed in version 1.7.9

References

CVE

CVE-2022-3394

Classification

Type

RCE

OWASP top 10

A1: Injection

CWE

CWE-94

Miscellaneous

Original Researcher

Sanjay Das

Submitter

Sanjay Das

Submitter website

https://p3n7a90n.github.io/

Submitter twitter

https://twitter.com/p3n7a90n

Verified

Yes

WPVDB ID

3266eb59-a8b2-4a5a-ab48-01a9af631b2c

Timeline

Publicly Published

2022-10-03 (about 11 months ago)

Added

2022-10-03 (about 11 months ago)

Last Updated

2022-10-03 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin