CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20968 – Export WordPress Data with Advanced Filters <= 1.4.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-20968
The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. El plugin wp-ultimate-exporter versiones anteriores a 1.4.2 para WordPress, presenta una vulnerabilidad de tipo CSRF. The Export WordPress Data with Advanced Filters plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the export_module() function. This makes it possible for unauthenticated attackers to export module data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wordpress.org/plugins/wp-ultimate-exporter/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-11000 – Export WordPress Data with Advanced Filters < 1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-11000
The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. El plugin wp-ultimate-exporter versiones hasta 1.1 para WordPress, presenta una inyección SQL por medio del parámetro export_type_name. • https://seclists.org/bugtraq/2016/Feb/183 https://wordpress.org/plugins/wp-ultimate-exporter/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •