WordPress Plugin Vulnerabilities

WP Ultimate Exporter <= 1.1 - Unauthenticated SQL Injection

Description

The Export WordPress Data with Advanced Filters WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
wp-ultimate-exporter
Fixed in 1.2

References

CVE
CVE-2016-11000
URL
https://seclists.org/bugtraq/2016/Feb/183

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
5c2c28df-d2e3-47bd-a40d-2019e10ec665

Timeline

Publicly Published
2016-02-25 (about 10 years ago)
Added
2016-03-13 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
CStar Design 2.0 - flashmoXML.php id Parameter SQL Injection
Published
2026-04-08
Title
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder < 1.15.39 - Unauthenticated SQL Injection
Published
2017-08-20
Title
Photo Gallery by WD <= 1.3.50 - Authenticated SQL Injection
Published
2024-08-20
Title
App Builder – Create Native Android & iOS Apps On The Flight < 4.3.4 - Unauthenticated Limited SQL Injection via app-builder-search
Published
2023-07-03
Title
User Activity Log < 1.6.3 - Admin+ SQL Injection