The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/smack_uci_uploads/exports/ directory which can contain information like exported user data.
CVSS
No CVSS.
References
Configurations
Configuration 1 (hide)
|
History
25 Feb 2025, 19:37
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:smackcoders:export_all_posts\,_products\,_orders\,_refunds_\&_users:*:*:*:*:*:wordpress:*:* | |
| References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/075709e0-5f00-4d7b-80f6-96e3b4b4a895?source=cve - Third Party Advisory | |
| References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3230400%40wp-ultimate-exporter&new=3230400%40wp-ultimate-exporter&sfp_email=&sfph_mail= - Patch | |
| References | () https://plugins.trac.wordpress.org/browser/wp-ultimate-exporter/trunk/exportExtensions/ExportExtension.php#L1678 - Product | |
| First Time |
Smackcoders export All Posts\, Products\, Orders\, Refunds \& Users
Smackcoders |
12 Feb 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
12 Feb 2025, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-02-12 09:15
Updated : 2025-02-25 19:37
NVD link : CVE-2024-12315
Mitre link : CVE-2024-12315
JSON object : View
Products Affected
smackcoders
- export_all_posts\,_products\,_orders\,_refunds_\&_users
CWE
CWE-922
Insecure Storage of Sensitive Information