CVE-2023-4724 : The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All E

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an attacker to run arbitrary command on the remote server

Published 2023-12-18 20:15:08

Updated 2023-12-21 18:41:59

Source WPScan

View at NVD, CVE.org

Products affected by CVE-2023-4724

Soflyy » Wp All Export » PRO Edition For Wordpress
Versions before (<) 1.8.6
cpe:2.3:a:soflyy:wp_all_export:*:*:*:*:pro:wordpress:*:*
Matching versions
Soflyy » Export Any Wordpress Data To Xml/csv » For Wordpress
Versions before (<) 1.4.0
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml\/csv:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-4724

EPSS FAQ

0.75%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 72 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-4724

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2023-4724

https://wpscan.com/vulnerability/48820f1d-45cb-4f1f-990d-d132bfc5536f

Just a moment...
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-4724

Products affected by CVE-2023-4724

Exploit prediction scoring system (EPSS) score for CVE-2023-4724

CVSS scores for CVE-2023-4724

References for CVE-2023-4724