The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution.
Metrics
Affected Vendors & Products
References
History
Thu, 21 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-12-18T20:08:04.861Z
Updated: 2024-11-21T19:22:55.348Z
Reserved: 2023-10-31T14:23:44.548Z
Link: CVE-2023-5882
Vulnrichment
Updated: 2024-08-02T08:14:24.678Z
NVD
Status : Modified
Published: 2023-12-18T20:15:08.603
Modified: 2024-11-21T08:42:42.277
Link: CVE-2023-5882
Redhat
No data.