CVE-2023-4724

Published: Dec 18, 2023Modified: May 20, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an attacker to run arbitrary command on the remote server

Affected (2)

Products: Soflyy: Export Any Wordpress Data To Xml/csv, Wp All Export

Soflyy

2 products

Export Any Wordpress Data To Xml/csv

Wp All Export

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Soflyy Export Any Wordpress Data To Xml/csv	Before 1.4.0
Soflyy Wp All Export	Before 1.8.6

References (2)

https://wpscan.com/vulnerability/48820f1d-45cb-4f1f-990d-d132bfc5536f

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/48820f1d-45cb-4f1f-990d-d132bfc5536f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.