Source: wpexploit (Unlock Security), WPEX-ID: 48820F1D-45CB-4F1F-990D-D132BFC5536F
History: Nov 21, 2023 - 12:00 a.m.

WP All Export (Free < 1.4.0, Pro < 1.8.6) - Admin+ RCE

Published: 2023-11-21 00:00:00
Author: Unlock Security
Tags: wp all export, admin, rce, vulnerability, free < 1.4.0, pro < 1.8.6, remote code execution

AI Score: 9.7
Confidence: High
EPSS: 0.001
Percentile: 19.3%

Description: The plugin does not validate or sanitise the wp_query parameter, which allows an attacker to run arbitrary commands on the remote server.

1. Go to "All Export" > "New Export"
2. Select "WP Query Results" as the export type
3. Enter the payload `phpinfo()` for the query.
4. Click customize and see the execution of `phpinfo()` when the page loads.

