CVE-2023-4724

HIGH EPSS 62.9%

Published Dec 18, 20232y ago · Modified Jun 17, 20261w ago

7.2 CVSS 3.1

High

Published Dec 18, 2023 2y ago

Last Modified Jun 17, 2026 1w ago

Description

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an attacker to run arbitrary command on the remote server

CVSS Details

Base Score

7.2

Exploitability

1.2

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

62.9% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Affected Products 2

Vendor	Product	Version	Range
soflyy	export_any_wordpress_data_to_xml\/csv	*	<1.4.0
soflyy	wp_all_export	*	<1.8.6

References 1

wpscan.com https://wpscan.com/vulnerability/48820f1d-45cb-4f1f-990d-d132bfc5536f

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.