CVE Vulnerabilities

CVE-2023-4724

Published: Dec 18, 2023 | Modified: Dec 21, 2023

CVSS 3.x

7.2

HIGH

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-4724
CWE	https://cwe.mitre.org/data/definitions/.html

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wp_query parameter which allows an attacker to run arbitrary command on the remote server

Affected Software

Name	Vendor	Start Version	End Version
Export_any_wordpress_data_to_xml/csv	Soflyy	*	1.4.0 (excluding)
Wp_all_export	Soflyy	*	1.8.6 (excluding)

References

https://wpscan.com/vulnerability/48820f1d-45cb-4f1f-990d-d132bfc5536f

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.