Description The plugin does not validate and sanitise the wp_query
parameter which allows an attacker to run arbitrary command on the remote server
1. Go to "All Export" > "New Export"
2. Select "WP Query Results" as the export type
3. Enter the payload `phpinfo()` for the query.
4. Click customize and see the execution of `phpinfo()` when the page loads.