CVE-2023-5882

Published: Dec 18, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution.

Affected (2)

Products: Soflyy: Export Any Wordpress Data To Xml/csv, Wp All Export

2 products

Export Any Wordpress Data To Xml/csv

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Soflyy Export Any Wordpress Data To Xml/csv	Before 1.4.1
Soflyy Wp All Export	Before 1.8.6

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/72be4b5c-21be-46af-a3f4-08b4c190a7e2

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/72be4b5c-21be-46af-a3f4-08b4c190a7e2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.