CVE-2022-3394

CWE-94Code Injection3 documents3 sources
Severity
7.2HIGH
EPSS
1.2%
top 21.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown WP ALL Export PROSoflyy WP ALL Export
Timeline
PublishedOct 25

Description

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5unknown/wp_all_export_pro1.7.91.7.9

🔴Vulnerability Details

2
GHSA
GHSA-vh4p-xvjw-q6rc: The WP All Export Pro WordPress plugin before 12022-10-25
CVEList
WP All Export Pro < 1.7.9 - Authenticated Code Injection2022-10-25
CVE-2022-3394 (HIGH CVSS 7.2) | The WP All Export Pro WordPress plu | cvebase.io