The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/72be4b5c-21be-46af-a3f4-08b4c190a7e2 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-12-18T20:08:04.861Z
Updated: 2023-12-18T20:08:04.861Z
Reserved: 2023-10-31T14:23:44.548Z
Link: CVE-2023-5882
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-18T20:15:08.603
Modified: 2023-12-21T19:50:45.183
Link: CVE-2023-5882
JSON object: View
Redhat Information
No data.
CWE