{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T20:19:10.751","vulnerabilities":[{"cve":{"id":"CVE-2024-7419","sourceIdentifier":"security@wordfence.com","published":"2025-02-07T16:15:39.100","lastModified":"2025-02-11T19:25:14.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. \r\nAs a prerequisite, the custom export field should include fields containing user-supplied data."},{"lang":"es","value":"El complemento WP ALL Export Pro para WordPress es vulnerable a la ejecución remota de código en todas las versiones hasta la 1.9.1 incluida a través de los campos de exportación personalizados. Esto se debe a la falta de validación de entrada y de depuración de los datos proporcionados por el usuario. Esto hace posible que atacantes no autenticados inyecten código PHP arbitrario en los campos de formulario que se ejecutan en el servidor durante la exportación, lo que puede provocar un compromiso total del sitio. Como requisito previo, el campo de exportación personalizado debe incluir campos que contengan datos proporcionados por el usuario."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:soflyy:wp_all_export:*:*:*:*:pro:wordpress:*:*","versionEndExcluding":"1.9.2","matchCriteriaId":"93DAC402-B7C2-4782-B1C2-3A1460C1AEA9"}]}]}],"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/40b57370-4fd7-4316-9e99-a3f1d34616e8?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://www.wpallimport.com/upgrade-to-wp-all-export-pro/","source":"security@wordfence.com","tags":["Product"]}]}}]}