Vulnerability — CVE-2022-3395

CVE-2022-3395

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-3395
Description:: The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well.
Last updated date:: 10/26/2022

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/26/2022
Reference url to background: https://wpscan.com/vulnerability/10742154-368a-40be-a67d-80ea848493a0