WordPress Plugin Vulnerabilities

Export All Posts, Products, Orders, Refunds & Users < 2.10 - Information Disclosure Through Unprotected Directory

Description

The plugin is vulnerable to Sensitive Information Exposure via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/smack_uci_uploads/exports/ directory which can contain information like exported user data.

Affects Plugins

Plugin icon
wp-ultimate-exporter
Fixed in 2.10

References

CVE
CVE-2024-12315
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/075709e0-5f00-4d7b-80f6-96e3b4b4a895

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Webbernaut
Verified
No
WPVDB ID
53fefca2-fd37-4446-889d-5f8fd6e1ab77

Timeline

Publicly Published
2025-02-11 (about 1 year ago)
Added
2025-02-12 (about 1 year ago)
Last Updated
2025-02-12 (about 1 year ago)

Other

Published
Title
Published
2026-02-17
Title
WP All Export < 1.4.15 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling
Published
2025-12-08
Title
EasyCart < 5.8.12 - Unauthenticated Information Exposure
Published
2024-08-28
Title
The Post Grid < 7.7.12 - Authenticated (Contributor+) Information Disclosure
Published
2025-08-21
Title
ProveSource Social Proof < 4.0.0 - Unauthenticated Sensitive Information Disclosure
Published
2022-03-30
Title
Be POPIA Compliant < 1.1.6 - Unauthenticated Sensitive Information Exposure