CVE-2023-4724

State: PUBLISHED · Published: 2023-12-18 · Updated: 2025-05-20 · Assigner: WPScan

Description

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an attacker to run arbitrary command on the remote server

CWE

(none)

Affected

Unknown / Export any WordPress data to XML/CSV — v=0 <1.4.0 [affected]
Unknown / WP All Export Pro — v=0 <1.8.6 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/48820f1d-45cb-4f1f-990d-d132bfc5536f exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2023/4xxx/CVE-2023-4724.json