WordPress Export All Posts, Products, Orders, Refunds & Users Plugin Sensitive Information Exposure Vulnerability
Vulnerability
A sensitive information exposure vulnerability has been identified in the WordPress Export All Posts, Products, Orders, Refunds & Users plugin, affecting all versions up to and including 2.9.3. The plugin writes its export files, including exported user data, to the web-accessible directory /wp-content/uploads/smack_uci_uploads/exports/ without restricting access to it. As a result, unauthenticated attackers can retrieve the exported data directly from that directory.
Impact
Successful exploitation allows an unauthenticated attacker to read any export the site has generated, including user data. Given the plugin's scope, exports of orders, refunds and products may contain customer details as well.
Reproduction
On a site running a vulnerable version, request the /wp-content/uploads/smack_uci_uploads/exports/ path directly. If the web server returns a listing of the directory, or serves the files it contains, the export data can be downloaded without any authentication. A 403 or an empty response does not by itself prove the site is safe: individual export files may still be downloadable if their names are known, so check both the directory and any files you know or expect to be there.
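A small checker for the exposure described above, added here as an example; it is not part of the advisory, the plugin, or the vendor's code. It assumes the directory is served with an autoindex-style HTML listing (Apache "Index of" or nginx autoindex), which the advisory does not state, and classifies the response accordingly. The embedded sample listing and its file names are constructed for the example.

```python
"""Check whether a WordPress site exposes the plugin's exports directory.

Added example (not from the advisory or the plugin vendor). Assumption: an
exposed directory is served with an autoindex-style HTML listing, so the
checker looks for links to files in the response body.
"""
import sys
import urllib.error
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urljoin

# Path named in the advisory.
EXPORTS_PATH = "/wp-content/uploads/smack_uci_uploads/exports/"

# Constructed sample of an Apache-style directory listing (file names are
# invented for this example, not taken from a real site).
SAMPLE_LISTING = """<html><head><title>Index of /wp-content/uploads/smack_uci_uploads/exports</title></head>
<body><h1>Index of /wp-content/uploads/smack_uci_uploads/exports</h1>
<a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<a href="/wp-content/uploads/smack_uci_uploads/">Parent Directory</a>
<a href="users_export.csv">users_export.csv</a>
<a href="orders-2024.xml">orders-2024.xml</a>
<a href="tmp/">tmp/</a>
</body></html>"""


class _LinkParser(HTMLParser):
    """Collect href values of every <a> tag in a page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def exports_url(site):
    """Build the probe URL from the site's base URL (scheme and host, plus
    any sub-path WordPress is installed under)."""
    return urljoin(site.rstrip("/") + "/", EXPORTS_PATH.lstrip("/"))


def extract_export_files(listing_html):
    """Return file names linked from a directory-listing page.

    Skips autoindex sort links (?C=...), parent-directory links (absolute
    or ../), external links and sub-directories (trailing slash)."""
    parser = _LinkParser()
    parser.feed(listing_html)
    files = []
    for href in parser.hrefs:
        if href.startswith(("?", "/", "http://", "https://")):
            continue
        if href.endswith("/"):
            continue
        files.append(href)
    return files


def classify(status, body):
    """Map an HTTP status and body to (verdict, files).

    EXPOSED    - 200 with a listing that links to downloadable files
    NO_LISTING - 200 but no file links (index file in place, or empty);
                 direct file names may still be fetchable
    DENIED     - 401/403 from the web server or a rewrite rule
    NOT_FOUND  - 404, plugin probably never exported anything here
    """
    if status == 200:
        files = extract_export_files(body)
        return ("EXPOSED", files) if files else ("NO_LISTING", [])
    if status in (401, 403):
        return ("DENIED", [])
    if status == 404:
        return ("NOT_FOUND", [])
    return ("UNKNOWN_%d" % status, [])


def probe(site, timeout=10):
    """Fetch the exports directory and classify the response."""
    url = exports_url(site)
    req = urllib.request.Request(url, headers={"User-Agent": "exports-dir-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # HTTPError carries the response, so 403/404 are still classified.
        status, body = err.code, err.read().decode("utf-8", "replace")
    return url, classify(status, body)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: exports_dir_check.py https://target.example")
    probed_url, (verdict, exposed_files) = probe(sys.argv[1])
    print(probed_url, verdict)
    for name in exposed_files:
        print("  ", name)
```

The parser deliberately ignores the sort and parent links that autoindex pages emit, so a listing with no real files is reported as NO_LISTING rather than EXPOSED; an EXPOSED verdict lists the file names so they can be fetched and their contents reviewed. A NO_LISTING or DENIED result is only evidence about the directory itself, not about individual files.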
Remediation
Update the Export All Posts, Products, Orders, Refunds & Users plugin to version 2.10 or later. Updating the plugin code does not necessarily remove export files that were generated earlier, so after updating, check the exports directory for existing files and delete them or move them outside the web root. As defense in depth, deny direct web access to the directory with a web server rule and disable directory indexes under wp-content/uploads.
