Remote Code Execution Vulnerability in WP ALL Export Pro Plugin for WordPress
CVE-2024-7419

8.8HIGH

Key Information:

Vendor: WP All Import
Status: WP All Export Pro
Vendor: CVE Published:; 7 February 2025

Summary

The WP ALL Export Pro plugin for WordPress is susceptible to Remote Code Execution, allowing unauthorized attackers to exploit missing input validation. This vulnerability affects all versions up to and including 1.9.1, where custom export fields do not adequately sanitize user-supplied data. As a result, attackers could inject arbitrary PHP code into safety-critical form fields, which are processed on the server during the export operation, posing a significant risk of complete site compromise.

Affected Version(s)

WP All Export Pro * <= 1.9.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://www.wpallimport.com/upgrade-to-wp-all-export-pro/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2025
Vulnerability Reserved
Aug 2, 2024

Credit

Francesco Carlucci