WordPress Awesome Import & Export Plugin Privilege Escalation and Arbitrary SQL Execution Vulnerability
Vulnerability
A vulnerability allowing arbitrary SQL execution and privilege escalation has been identified in the WordPress Awesome Import & Export Plugin - Import & Export WordPress Data, affecting all versions up to and including 4.1.1. The plugin's renderImport() function acts on the incoming request without first performing a capability check, so WordPress never verifies that the caller is permitted to import data. Any authenticated user, down to the Subscriber role, can therefore reach the code path and have the plugin execute attacker-supplied SQL statements against the site's database with the privileges of the WordPress database user. Because that access includes writing to the users and usermeta tables, the flaw can be used to create a new administrative user account.
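The following is an added illustration of the defect class the advisory describes and of the controls that close it; it is not the plugin's own code, which is not reproduced here. The handler names, the hook registration, the request fields (`aie_sql`, `aie_title`, `aie_nonce`) and the `aie_` prefix are assumptions made for this example.

```php
<?php
// Added example, not the plugin's code. Handler names, the hook registration,
// the request fields (aie_sql, aie_title, aie_nonce) and the "aie_" prefix are
// assumptions made for illustration only.

// Shape of the flaw the advisory describes: an import handler that executes
// caller-supplied SQL and never asks whether the caller is allowed to.
// Any logged-in user who can trigger the hook it is attached to can run
// statements as the WordPress database user.
function aie_render_import_vulnerable() {
    global $wpdb;
    if ( isset( $_POST['aie_sql'] ) ) {
        // Missing: current_user_can() and a nonce check.
        $wpdb->query( wp_unslash( $_POST['aie_sql'] ) );
    }
    echo '<h2>Import</h2>';
}

// Hardened form. Three independent controls, each of which alone would have
// blocked the Subscriber-to-administrator path:
//   1. a capability check inside the handler (menu registration is not enough),
//   2. a nonce, so the request must originate from the plugin's own form,
//   3. no caller-supplied SQL text at all: the plugin fixes the statement and
//      the request supplies only values, quoted by $wpdb.
function aie_render_import_hardened() {
    global $wpdb;

    // 1. Deny before doing any work. On a single site 'manage_options' is held
    //    by Administrators only; Subscribers, Contributors, Authors and Editors
    //    stop here with a 403.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to import data.' ), '', array( 'response' => 403 ) );
    }

    if ( isset( $_POST['aie_title'] ) ) {
        // 2. CSRF protection: dies if the nonce is missing, forged or stale.
        check_admin_referer( 'aie_import', 'aie_nonce' );

        // 3. Sanitise, then use $wpdb->insert(), which escapes values for you.
        //    Table and column names are chosen by the plugin, never by the caller.
        $title = sanitize_text_field( wp_unslash( $_POST['aie_title'] ) );
        $now   = current_time( 'mysql' );
        $wpdb->insert(
            $wpdb->posts,
            array(
                'post_title'    => $title,
                'post_content'  => '',
                'post_status'   => 'draft',
                'post_type'     => 'post',
                'post_author'   => get_current_user_id(),
                'post_date'     => $now,
                'post_date_gmt' => get_gmt_from_date( $now ),
            ),
            array( '%s', '%s', '%s', '%s', '%d', '%s', '%s' )
        );
    }

    // Render the form together with the nonce field the handler expects.
    echo '<form method="post"><h2>Import</h2>';
    wp_nonce_field( 'aie_import', 'aie_nonce' );
    echo '<input type="text" name="aie_title"><button type="submit">Import</button></form>';
}

// Registering the page with a capability gates only the menu link. It does not
// protect a function that is also reachable through admin_init or wp_ajax_*
// hooks, which is why the capability check above lives inside the handler.
add_action( 'admin_menu', function () {
    add_menu_page( 'Import', 'Import', 'manage_options', 'aie-import', 'aie_render_import_hardened' );
} );
```

When reviewing a plugin for this bug class, look for every entry point into the import logic (menu callback, `admin_init`, `admin_post_*`, `wp_ajax_*`, REST routes) rather than only the menu registration, and confirm that each one calls `current_user_can()` with an appropriate capability before any database access.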
Impact
Exploitation gives a low-privilege authenticated user arbitrary SQL execution, so any data the WordPress database user can read or modify (posts, options, user records and their password hashes) is exposed to disclosure, tampering or deletion. The most direct consequence is privilege escalation: the attacker can insert a new user and grant it the administrator role, gaining full control of the site. Site owners running an affected version should audit their administrator accounts and the users and usermeta tables for entries they did not create, since a rogue account persists after the plugin is updated or removed.
