WP All Export Pro Privilege Escalation Vulnerability
Vulnerability
A vulnerability in the WP All Export Pro plugin for WordPress, present in all versions through 1.9.1, allows for unauthorized data modification that could lead to privilege escalation. This issue arises from inadequate validation and sanitization of user input, enabling authenticated attackers with Shop Manager-level access or higher to alter arbitrary options on the WordPress site. Exploitation of this vulnerability could involve changing the default registration role to administrator and activating user registration, thereby granting administrative access to the attacker on the compromised site.
Impact
Exploitation of this vulnerability could allow an attacker to gain administrative access to a WordPress site by manipulating user roles and registration settings.
Remediation
Users are advised to update the WP All Export Pro plugin to version 1.9.2 or a later patched version.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.