What the vulnerability does
01Description
Missing Authorization vulnerability in brainvireinfo Export All Post Meta export-all-post-meta allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export All Post Meta: from n/a through <= 1.2.1.
Explanation of Vulnerability in Simple Terms
02Summary
Export All Post Meta contains an authorization flaw that allows authenticated users with low privileges to read post metadata they should not access. The plugin does not properly restrict which posts a user can export metadata from. An attacker with a basic WordPress account can retrieve sensitive post information by exploiting this gap in permission checks.
What an attacker can do
03Attacker Capabilities
Read post metadata from posts they don't have permission to access.
Potential impact on your site
04Site Impact
Sensitive post data may be exposed to low-privilege users who should not see it.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege WordPress user account (e.g., subscriber or contributor).
Key dates
06Disclosure timeline
April 1, 2025
CVE published
April 28, 2026
Record updated