WP All Export Pro Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in the WP All Export Pro plugin for WordPress, affecting all versions through 1.9.1. The issue arises from inadequate input validation and sanitization of user-supplied data in custom export fields. This vulnerability allows unauthenticated attackers to inject arbitrary PHP code into form fields, which is executed on the server during the export process, potentially compromising the entire site. The vulnerability requires the custom export field to include user-supplied data.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where WordPress is hosted, with the executed code running in the context of the web server.

Remediation

Users are advised to update the WP All Export Pro plugin to version 1.9.2 or a newer patched version.
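
A way to check installs against the affected range above, as an added example that is not from the plugin vendor or the original advisory: it reads the standard WordPress plugin header (Plugin Name / Version) from each plugin's main file and flags copies older than 1.9.2. The scanned layout (wp-content/plugins/<dir>/<file>.php) is the WordPress default, and the sample tree with its directory and file names is constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "WP All Export Pro"  # plugin name as given in the advisory
FIXED = (1, 9, 2, 0)               # first patched version per the advisory

# Standard WordPress plugin header fields inside the main file's comment block.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_version(text):
    """'1.9.1' -> (1, 9, 1, 0); non-digit characters are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:4]]
    return tuple(nums + [0] * (4 - len(nums)))

def read_header(php_file):
    """Parse header fields from the first 8 KiB; the first occurrence of a field wins."""
    head = php_file.read_text(errors="replace")[:8192]
    return {k.lower(): v for k, v in reversed(HEADER.findall(head))}

def find_vulnerable(root):
    """Return [(path, version)] for each copy of the plugin older than FIXED under root."""
    hits = []
    for php in sorted(Path(root).glob("**/wp-content/plugins/*/*.php")):
        h = read_header(php)
        if h.get("plugin name") == PLUGIN_NAME and "version" in h:
            if parse_version(h["version"]) < FIXED:
                hits.append((str(php), h["version"]))
    return hits

def build_sample_tree(root):
    """Constructed sample data: three sites, made-up directory and file names."""
    samples = {"site-a": (PLUGIN_NAME, "1.9.1"),
               "site-b": (PLUGIN_NAME, "1.9.2"),
               "site-c": ("Some Other Plugin", "1.0.0")}
    for site, (name, ver) in samples.items():
        d = Path(root, site, "wp-content", "plugins", "sample-dir")
        d.mkdir(parents=True)
        (d / "main.php").write_text(f"<?php\n/*\nPlugin Name: {name}\nVersion: {ver}\n*/\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, ver in find_vulnerable(tmp):
            print(f"VULNERABLE {ver}: {path}")
```

Point find_vulnerable() at a single WordPress root or at a parent directory holding several sites; matching is on the Plugin Name header, so a renamed plugin directory is still found.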

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 10.0
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.