
CVE-2024-7425 – WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2024-7425
07 Feb 2025 — The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain a... • https://www.wordfence.com/threat-intel/vulnerabilities/id/c9205896-487d-4b8f-84cf-7ba16e1205e3?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-7419 – WP All Export Pro <= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields
https://notcve.org/view.php?id=CVE-2024-7419
07 Feb 2025 — The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. As a prerequisite, the custom export field should include fields contai... • https://www.wordfence.com/threat-intel/vulnerabilities/id/40b57370-4fd7-4316-9e99-a3f1d34616e8?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-31939 – WordPress Import any XML or CSV File to WordPress plugin <= 3.7.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31939
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress. This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3. The Import any XML or CSV File to WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ... • https://patchstack.com/database/vulnerability/wp-all-import/wordpress-import-any-xml-or-csv-file-to-wordpress-plugin-3-7-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •