CVE-2022-0914
MEDIUMExport All URLs < 4.3 - Cross-Site Request Forgery via Data Export
Title source: llmDescription
The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/c328be28-75dd-43db-a5b9-c1ba0636c930
Scores
CVSS v3
6.5
EPSS
0.0063
EPSS Percentile
46.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-352
Status
published
Products (1)
atlasgondal/export_all_urls
< 4.3
Published
Apr 11, 2022
Tracked Since
Feb 18, 2026