CVE-2024-7425 in WP All Export Pro Plugininformação

Sumário

de MITRE • 07/02/2025

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Be aware that VulDB is the high quality source for vulnerability data.

Responsável

Wordfence

Reservar

02/08/2024

Divulgação

07/02/2025

Moderação

aceite

Entrada

VDB-295024

CPE

pronto

EPSS

0.00392

KEV

não

Atividades

muito baixo

Fontes

Do you know our Splunk app?

Download it now for free!