Smackcoders WP Ultimate Exporter
cpe:2.3:a:smackcoders:ultimate_exporter:*:*:*:*:wordpress:*:*
- <= 2.19
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress Export All Posts, Products, Orders, Refunds & Users plugin, affecting all versions through 2.19. The vulnerability arises from inadequate nonce validation in the 'parseData' function, which lets an unauthenticated attacker submit a forged request through an administrator's browser. By tricking a site administrator into clicking a link, an attacker could export sensitive information such as user data, email addresses, password hashes, and WooCommerce data to a file path controlled by the attacker on the server.
Exploitation of this vulnerability could lead to unauthorized access and export of sensitive user information, including email addresses, password hashes, and WooCommerce data, to an attacker-controlled location on the server.
Users are advised to update the WordPress Export All Posts, Products, Orders, Refunds & Users plugin to version 2.20 or later.
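For plugin developers, the following added example (not the plugin's code and not from the vendor) shows the three checks an export handler of this kind needs: nonce validation, a capability check, and a server-chosen destination directory. The action name, nonce action, request field names and export directory are all hypothetical.

```php
<?php
// Added illustration; every name here is hypothetical, not taken from the plugin:
// action 'example_export', nonce action 'example_export_nonce',
// request fields 'security' and 'file_name', directory 'example-exports'.
add_action('wp_ajax_example_export', 'example_export_handler');

function example_export_handler() {
    // 1. CSRF: require a nonce bound to this action, created with
    //    wp_create_nonce('example_export_nonce') when the admin page is rendered.
    //    With $die = false a failed check returns false, so we can answer in JSON.
    if (!check_ajax_referer('example_export_nonce', 'security', false)) {
        wp_send_json_error(array('message' => 'Invalid or missing nonce'), 403);
    }
    // 2. Authorization: a nonce proves intent, not privilege.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Insufficient privileges'), 403);
    }
    // 3. Destination: accept a file name only, never a path, and require .csv.
    $requested = (isset($_POST['file_name']) && is_string($_POST['file_name']))
        ? wp_unslash($_POST['file_name']) : '';
    $file_name = sanitize_file_name(basename($requested));
    $extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
    if ($file_name === '' || $extension !== 'csv') {
        wp_send_json_error(array('message' => 'Invalid export file name'), 400);
    }
    // The directory is fixed by the server. Assumption: it is protected from
    // direct web access (for example by a deny rule), since exports are sensitive.
    $uploads    = wp_upload_dir();
    $export_dir = trailingslashit($uploads['basedir']) . 'example-exports';
    if (!wp_mkdir_p($export_dir)) {
        wp_send_json_error(array('message' => 'Export directory unavailable'), 500);
    }
    $handle = fopen(trailingslashit($export_dir) . $file_name, 'w');
    if ($handle === false) {
        wp_send_json_error(array('message' => 'Cannot open export file'), 500);
    }
    // Minimal export body: ID and title of published posts.
    fputcsv($handle, array('ID', 'post_title'), ',', '"', '\\');
    foreach (get_posts(array('numberposts' => 20, 'post_status' => 'publish')) as $post) {
        fputcsv($handle, array($post->ID, $post->post_title), ',', '"', '\\');
    }
    fclose($handle);
    wp_send_json_success(array('file' => $file_name));
}
```

Each `wp_send_json_error()` call ends the request, so a request that fails any check never reaches the file write.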