WP ALL Export Pro <= 1.7.8 is vulnerable to Authenticated Code Injection vulnerability

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.7.8. This allows low-level attackers (depending on whether they have been given permission to perform exports) to execute code on the server. While the plugin defaults to allow only administrators to perform such exports, they can also delegate this task to lower-privileged users.