Unauthorized Data Modification in WP ALL Export Pro Plugin for WordPress
CVE-2024-7425

7.2HIGH

Key Information:

Vendor: WP All Import
Status: WP All Export Pro
Vendor: CVE Published:; 7 February 2025

Summary

The WP ALL Export Pro plugin for WordPress is susceptible to unauthorized data modification due to inadequate user input validation and sanitization processes present in all versions up to and including 1.9.1. This vulnerability enables authenticated users, at least with Shop Manager-level access, to alter site options arbitrarily. Attackers can manipulate registration roles, potentially granting themselves administrative access by enabling user registration on compromised sites.

Affected Version(s)

WP All Export Pro * <= 1.9.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://www.wpallimport.com/upgrade-to-wp-all-export-pro/

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2025
Vulnerability Reserved
Aug 2, 2024

Credit

Francesco Carlucci