CVE-2023-6369
MEDIUMExport WP Page to Static HTML/CSS <2.1.9 - Info Disclosure
Title source: llmDescription
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings.
References (9)
Core 9
Core References
Issue Tracking
https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/exportLogPercentage.php#L23
Issue Tracking
https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/saveAdvancedSettings.php#L22
Issue Tracking
https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/searchPosts.php#L24
Scores
CVSS v3
5.4
EPSS
0.0046
EPSS Percentile
36.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (2)
myrecorp/export_wp_page_to_static_html\/css
< 2.1.9
recorp/Export WordPress Pages to Static HTML & PDF — Static Site Export
< 2.1.9
Published
Jan 11, 2024
Tracked Since
Feb 18, 2026