Unauthorized Data Modification in WP ALL Export Pro Plugin for WordPress
CVE-2024-7425
7.2HIGH
What is CVE-2024-7425?
The WP ALL Export Pro plugin for WordPress is susceptible to unauthorized data modification due to inadequate user input validation and sanitization processes present in all versions up to and including 1.9.1. This vulnerability enables authenticated users, at least with Shop Manager-level access, to alter site options arbitrarily. Attackers can manipulate registration roles, potentially granting themselves administrative access by enabling user registration on compromised sites.
Affected Version(s)
WP All Export Pro * <= 1.9.1