CVE-2022-3394

CVE-2022-3394: WP All Export Pro < 1.7.9 - Authenticated Code Injection

Vendor Unknown
Product WP All Export Pro
Weakness CWE-94 · Code injection
Published October 25, 2022
Last update May 7, 2025

CVSS base score

What the vulnerability does

01Description

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users.

Key dates

02Disclosure timeline

October 25, 2022 CVE published
May 7, 2025 Record updated