WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF
CVE-2023-5882
8.8HIGH
Summary
The Export any WordPress data to XML/CSV plugin and the WP All Export Pro plugin have a vulnerability due to inadequate nonce token validation early in the request lifecycle. This flaw enables attackers to exploit logged-in users, potentially leading to unauthorized actions and remote code execution. By bypassing nonce authentication checks, malicious users can manipulate the intended security design, posing significant risks to WordPress installations utilizing these plugins.
Affected Version(s)
Export any WordPress data to XML/CSV 0 < 1.4.0
WP All Export Pro 0 < 1.8.6
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Francesco Marano (@mrnfrancesco)
Donato Di Pasquale (@ddipa)
WPScan