CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24611 – WordPress Export All Posts, Products, Orders, Refunds & Users Plugin <= 2.9 - Arbitrary File Read vulnerability
https://notcve.org/view.php?id=CVE-2025-24611
24 Jan 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders WP Ultimate Exporter allows Absolute Path Traversal. This issue affects WP Ultimate Exporter: from n/a through 2.9. The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files o... • https://patchstack.com/database/wordpress/plugin/wp-ultimate-exporter/vulnerability/wordpress-export-all-posts-products-orders-refunds-users-plugin-2-9-arbitrary-file-read-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-56278 – WordPress WP Ultimate Exporter plugin <= 2.9.1 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-56278
03 Jan 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders WP Ultimate Exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through 2.9.1. La vulnerabilidad de control inadecuado de generación de código ('inyección de código') en WP Ultimate Exporter de Smackcoders permite la inclusión remota de archivos PHP. Este problema afecta a WP Ultimate Exporter: desde n/a hasta 2.9.1. The Export All Posts, Products, Orders, Refunds & Users plugin for... • https://github.com/DoTTak/CVE-2024-56278 • CWE-94: Improper Control of Generation of Code ('Code Injection') •