CVE-2022-3395

Published: Oct 25, 2022

Modified: May 7, 2025

PUBLISHED

Description

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well.

Vendor	Product	Versions
Unknown	WP All Export Pro	affected `1.7.9 - < 1.7.9`

Weaknesses (CWE)

CWE-89

References

https://wpscan.com/vulnerability/10742154-368a-40be-a67d-80ea848493a0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-3395

Description

Affected Products

Weaknesses (CWE)

References