Description

The plugin does not validate and sanitise the wp_query parameter, which allows an attacker to run arbitrary commands on the remote server.

1. Go to “All Export” > “New Export”.
2. Select “WP Query Results” as the export type.
3. Enter the payload phpinfo() for the query.
4. Click customize and see the execution of phpinfo() when the page loads.
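
One way to validate a wp_query value without ever evaluating it, shown as an added example that is not the plugin's own code. It assumes the field carries flat WP_Query arguments written as quoted-key => literal pairs; the function name, the key allowlist and the sample inputs are hypothetical, and nested arguments are deliberately out of scope.

```php
<?php
// Added example: hypothetical helper, not taken from the plugin.
// Assumption: wp_query holds pairs such as 'post_type' => 'post', 'posts_per_page' => 10

// Hypothetical allowlist of WP_Query argument names the export screen needs.
const ALLOWED_QUERY_KEYS = ['post_type', 'post_status', 'posts_per_page', 'orderby', 'order'];

/**
 * Parse the submitted text into an argument array using a strict grammar.
 * Nothing is evaluated: each piece must be 'key' => 'literal' or 'key' => integer.
 */
function parse_wp_query_args(string $raw): array
{
    $args = [];
    $raw  = rtrim(trim($raw), ", \t\r\n");
    if ($raw === '') {
        return $args;
    }
    // Quoted key, then either a quoted literal (word characters, spaces, hyphens) or an integer.
    $pair = '/^\s*([\'"])([a-z_]+)\1\s*=>\s*(?:([\'"])([\w\- ]*)\3|(-?\d+))\s*$/D';
    // Values cannot contain commas under this grammar, so splitting on commas is safe.
    foreach (explode(',', $raw) as $piece) {
        if (!preg_match($pair, $piece, $m)) {
            throw new InvalidArgumentException('wp_query: only key => literal pairs are accepted');
        }
        $key = $m[2];
        if (!in_array($key, ALLOWED_QUERY_KEYS, true)) {
            throw new InvalidArgumentException("wp_query: key '$key' is not allowed");
        }
        // Group 5 is present only when the integer branch matched.
        $args[$key] = (isset($m[5]) && $m[5] !== '') ? (int) $m[5] : $m[4];
    }
    return $args;
}

// Constructed sample inputs: a well-formed query, then the string from the steps above.
foreach (["'post_type' => 'post', 'posts_per_page' => 10", "phpinfo()"] as $sample) {
    try {
        var_export(parse_wp_query_args($sample)); // the array would then go to new WP_Query($args)
        echo "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```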