Export any WordPress data to XML/CSV <= 1.3.4 is vulnerable to Authenticated SQL Injection (SQLi) vulnerability

Administrator

Published
2022-05-19

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.

CVE

https://www.cve.org/CVERecord?id=CVE-2022-1800

CVSS

Score:6.6

Severity:Medium

Version: 1.3.4

There is a patch available in v1.3.5 and we strongly recommend you update to this version as soon as possible.