Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for Export WP Page to Static HTML/CSS by ReCorp
CVE-2026-24574 (GCVE-0-2026-24574)
Vulnerability from nvd – Published: 2026-05-25 21:07 – Updated: 2026-05-26 10:53 X_Open Source
VLAI
Title
WordPress Export WP Page to Static HTML/CSS plugin <= 6.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery.
This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Recorp | Export WP Page to Static HTML/CSS |
Affected:
n/a , ≤ 6.0.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T10:38:48.387389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T10:53:40.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "export-wp-page-to-static-html",
"product": "Export WP Page to Static HTML/CSS",
"vendor": "Recorp",
"versions": [
{
"changes": [
{
"at": "6.0.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery.\n\nThis issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T21:07:12.854Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/export-wp-page-to-static-html/vulnerability/wordpress-export-wp-page-to-static-html-css-plugin-6-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Export WP Page to Static HTML/CSS Plugin to the latest available version (at least 6.0.1)."
}
],
"value": "Update the WordPress Export WP Page to Static HTML/CSS Plugin to the latest available version (at least 6.0.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source"
],
"title": "WordPress Export WP Page to Static HTML/CSS plugin \u003c= 6.0.0 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24574",
"datePublished": "2026-05-25T21:07:12.854Z",
"dateReserved": "2026-01-23T12:32:02.838Z",
"dateUpdated": "2026-05-26T10:53:40.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58980 (GCVE-0-2025-58980)
Vulnerability from nvd – Published: 2025-09-09 16:33 – Updated: 2026-04-28 16:13
VLAI
Title
WordPress Export WP Page to Static HTML/CSS Plugin <= 4.1.0 - Broken Access Control Vulnerability
Summary
Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS export-wp-page-to-static-html allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export WP Page to Static HTML/CSS: from n/a through <= 4.1.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| recorp | Export WP Page to Static HTML/CSS |
Affected:
0 , ≤ 4.1.0
(custom)
|
Date Public
2026-04-01 16:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T17:44:20.612546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T17:45:27.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "export-wp-page-to-static-html",
"product": "Export WP Page to Static HTML/CSS",
"vendor": "recorp",
"versions": [
{
"changes": [
{
"at": "4.2.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bao - BlueRock | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:42:59.375Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS export-wp-page-to-static-html allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Export WP Page to Static HTML/CSS: from n/a through \u003c= 4.1.0.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS export-wp-page-to-static-html allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export WP Page to Static HTML/CSS: from n/a through \u003c= 4.1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:50.870Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/export-wp-page-to-static-html/vulnerability/wordpress-export-wp-page-to-static-html-css-plugin-4-1-0-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Export WP Page to Static HTML/CSS Plugin \u003c= 4.1.0 - Broken Access Control Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-58980",
"datePublished": "2025-09-09T16:33:16.719Z",
"dateReserved": "2025-09-06T04:45:16.550Z",
"dateUpdated": "2026-04-28T16:13:50.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3597 (GCVE-0-2024-3597)
Vulnerability from nvd – Published: 2024-06-20 02:08 – Updated: 2026-04-08 16:54
VLAI
Title
Export WP Page to Static HTML/CSS <= 2.2.2 - Open Redirect
Summary
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| recorp | Export WordPress Pages to Static HTML & PDF — Static Site Export |
Affected:
0 , ≤ 2.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/598e2c2e-7dd5-435e-a366-6c7569243f2a?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/class-export-wp-page-to-static-html-admin.php#L1289"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T18:46:56.801827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T18:47:05.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Export WordPress Pages to Static HTML \u0026 PDF \u2014 Static Site Export",
"vendor": "recorp",
"versions": [
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:54:51.501Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/598e2c2e-7dd5-435e-a366-6c7569243f2a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/class-export-wp-page-to-static-html-admin.php#L1289"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3110378/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-19T12:17:06.000Z",
"value": "Disclosed"
}
],
"title": "Export WP Page to Static HTML/CSS \u003c= 2.2.2 - Open Redirect"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3597",
"datePublished": "2024-06-20T02:08:23.945Z",
"dateReserved": "2024-04-10T15:28:21.467Z",
"dateUpdated": "2026-04-08T16:54:51.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6369 (GCVE-0-2023-6369)
Vulnerability from nvd – Published: 2024-01-11 08:32 – Updated: 2026-04-08 16:50
VLAI
Title
Export WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions
Summary
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
9 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| recorp | Export WordPress Pages to Static HTML & PDF — Static Site Export |
Affected:
0 , ≤ 2.1.9
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47cb48aa-b556-4f25-ac68-ff0a812972c1?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/cancelRcExportProcess.php#L23"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/deleteExportedZipFile.php#L24"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/exportLogPercentage.php#L23"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/requestForWpPageToStaticHtml.php#L24"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/saveAdvancedSettings.php#L22"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/searchPosts.php#L24"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/seeLogsInDetails.php#L22"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3002740/export-wp-page-to-static-html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:55:49.907493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:09:37.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Export WordPress Pages to Static HTML \u0026 PDF \u2014 Static Site Export",
"vendor": "recorp",
"versions": [
{
"lessThanOrEqual": "2.1.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Thomas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:50:07.036Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47cb48aa-b556-4f25-ac68-ff0a812972c1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/cancelRcExportProcess.php#L23"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/deleteExportedZipFile.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/exportLogPercentage.php#L23"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/requestForWpPageToStaticHtml.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/saveAdvancedSettings.php#L22"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/searchPosts.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/seeLogsInDetails.php#L22"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3002740/export-wp-page-to-static-html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-30T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-10-31T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-11-28T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Export WP Page to Static HTML/CSS \u003c= 2.1.9 - Missing Authorization via Multiple AJAX Actions"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6369",
"datePublished": "2024-01-11T08:32:33.836Z",
"dateReserved": "2023-11-28T16:49:15.827Z",
"dateUpdated": "2026-04-08T16:50:07.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31077 (GCVE-0-2023-31077)
Vulnerability from nvd – Published: 2023-11-10 13:36 – Updated: 2026-04-29 09:51
VLAI
Title
WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/exp… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ReCorp | Export WP Page to Static HTML/CSS |
Affected:
n/a , ≤ 2.1.9
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/export-wp-page-to-static-html/wordpress-export-wp-page-to-static-html-css-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T17:51:22.373583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T17:51:34.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "export-wp-page-to-static-html",
"product": "Export WP Page to Static HTML/CSS",
"vendor": "ReCorp",
"versions": [
{
"lessThanOrEqual": "2.1.9",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "konagash (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.1.9 versions.\u003c/span\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin \u003c=\u00a02.1.9 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:50.862Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/export-wp-page-to-static-html/wordpress-export-wp-page-to-static-html-css-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Export WP Page to Static HTML/CSS Plugin \u003c= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-31077",
"datePublished": "2023-11-10T13:36:15.359Z",
"dateReserved": "2023-04-24T05:42:59.932Z",
"dateUpdated": "2026-04-29T09:51:50.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24574 (GCVE-0-2026-24574)
Vulnerability from cvelistv5 – Published: 2026-05-25 21:07 – Updated: 2026-05-26 10:53 X_Open Source
VLAI
Title
WordPress Export WP Page to Static HTML/CSS plugin <= 6.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery.
This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Recorp | Export WP Page to Static HTML/CSS |
Affected:
n/a , ≤ 6.0.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T10:38:48.387389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T10:53:40.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "export-wp-page-to-static-html",
"product": "Export WP Page to Static HTML/CSS",
"vendor": "Recorp",
"versions": [
{
"changes": [
{
"at": "6.0.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery.\n\nThis issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T21:07:12.854Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/export-wp-page-to-static-html/vulnerability/wordpress-export-wp-page-to-static-html-css-plugin-6-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Export WP Page to Static HTML/CSS Plugin to the latest available version (at least 6.0.1)."
}
],
"value": "Update the WordPress Export WP Page to Static HTML/CSS Plugin to the latest available version (at least 6.0.1)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source"
],
"title": "WordPress Export WP Page to Static HTML/CSS plugin \u003c= 6.0.0 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24574",
"datePublished": "2026-05-25T21:07:12.854Z",
"dateReserved": "2026-01-23T12:32:02.838Z",
"dateUpdated": "2026-05-26T10:53:40.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58980 (GCVE-0-2025-58980)
Vulnerability from cvelistv5 – Published: 2025-09-09 16:33 – Updated: 2026-04-28 16:13
VLAI
Title
WordPress Export WP Page to Static HTML/CSS Plugin <= 4.1.0 - Broken Access Control Vulnerability
Summary
Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS export-wp-page-to-static-html allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export WP Page to Static HTML/CSS: from n/a through <= 4.1.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| recorp | Export WP Page to Static HTML/CSS |
Affected:
0 , ≤ 4.1.0
(custom)
|
Date Public
2026-04-01 16:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T17:44:20.612546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T17:45:27.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "export-wp-page-to-static-html",
"product": "Export WP Page to Static HTML/CSS",
"vendor": "recorp",
"versions": [
{
"changes": [
{
"at": "4.2.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bao - BlueRock | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:42:59.375Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS export-wp-page-to-static-html allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Export WP Page to Static HTML/CSS: from n/a through \u003c= 4.1.0.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS export-wp-page-to-static-html allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export WP Page to Static HTML/CSS: from n/a through \u003c= 4.1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:50.870Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/export-wp-page-to-static-html/vulnerability/wordpress-export-wp-page-to-static-html-css-plugin-4-1-0-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Export WP Page to Static HTML/CSS Plugin \u003c= 4.1.0 - Broken Access Control Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-58980",
"datePublished": "2025-09-09T16:33:16.719Z",
"dateReserved": "2025-09-06T04:45:16.550Z",
"dateUpdated": "2026-04-28T16:13:50.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3597 (GCVE-0-2024-3597)
Vulnerability from cvelistv5 – Published: 2024-06-20 02:08 – Updated: 2026-04-08 16:54
VLAI
Title
Export WP Page to Static HTML/CSS <= 2.2.2 - Open Redirect
Summary
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| recorp | Export WordPress Pages to Static HTML & PDF — Static Site Export |
Affected:
0 , ≤ 2.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/598e2c2e-7dd5-435e-a366-6c7569243f2a?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/class-export-wp-page-to-static-html-admin.php#L1289"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T18:46:56.801827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T18:47:05.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Export WordPress Pages to Static HTML \u0026 PDF \u2014 Static Site Export",
"vendor": "recorp",
"versions": [
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:54:51.501Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/598e2c2e-7dd5-435e-a366-6c7569243f2a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/class-export-wp-page-to-static-html-admin.php#L1289"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3110378/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-19T12:17:06.000Z",
"value": "Disclosed"
}
],
"title": "Export WP Page to Static HTML/CSS \u003c= 2.2.2 - Open Redirect"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3597",
"datePublished": "2024-06-20T02:08:23.945Z",
"dateReserved": "2024-04-10T15:28:21.467Z",
"dateUpdated": "2026-04-08T16:54:51.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6369 (GCVE-0-2023-6369)
Vulnerability from cvelistv5 – Published: 2024-01-11 08:32 – Updated: 2026-04-08 16:50
VLAI
Title
Export WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions
Summary
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
9 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| recorp | Export WordPress Pages to Static HTML & PDF — Static Site Export |
Affected:
0 , ≤ 2.1.9
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47cb48aa-b556-4f25-ac68-ff0a812972c1?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/cancelRcExportProcess.php#L23"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/deleteExportedZipFile.php#L24"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/exportLogPercentage.php#L23"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/requestForWpPageToStaticHtml.php#L24"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/saveAdvancedSettings.php#L22"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/searchPosts.php#L24"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/seeLogsInDetails.php#L22"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3002740/export-wp-page-to-static-html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:55:49.907493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:09:37.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Export WordPress Pages to Static HTML \u0026 PDF \u2014 Static Site Export",
"vendor": "recorp",
"versions": [
{
"lessThanOrEqual": "2.1.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Thomas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:50:07.036Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47cb48aa-b556-4f25-ac68-ff0a812972c1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/cancelRcExportProcess.php#L23"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/deleteExportedZipFile.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/exportLogPercentage.php#L23"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/requestForWpPageToStaticHtml.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/saveAdvancedSettings.php#L22"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/searchPosts.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/includes/AjaxRequests/seeLogsInDetails.php#L22"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3002740/export-wp-page-to-static-html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-30T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-10-31T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-11-28T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Export WP Page to Static HTML/CSS \u003c= 2.1.9 - Missing Authorization via Multiple AJAX Actions"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6369",
"datePublished": "2024-01-11T08:32:33.836Z",
"dateReserved": "2023-11-28T16:49:15.827Z",
"dateUpdated": "2026-04-08T16:50:07.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31077 (GCVE-0-2023-31077)
Vulnerability from cvelistv5 – Published: 2023-11-10 13:36 – Updated: 2026-04-29 09:51
VLAI
Title
WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/exp… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ReCorp | Export WP Page to Static HTML/CSS |
Affected:
n/a , ≤ 2.1.9
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/export-wp-page-to-static-html/wordpress-export-wp-page-to-static-html-css-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T17:51:22.373583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T17:51:34.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "export-wp-page-to-static-html",
"product": "Export WP Page to Static HTML/CSS",
"vendor": "ReCorp",
"versions": [
{
"lessThanOrEqual": "2.1.9",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "konagash (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.1.9 versions.\u003c/span\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin \u003c=\u00a02.1.9 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:50.862Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/export-wp-page-to-static-html/wordpress-export-wp-page-to-static-html-css-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Export WP Page to Static HTML/CSS Plugin \u003c= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-31077",
"datePublished": "2023-11-10T13:36:15.359Z",
"dateReserved": "2023-04-24T05:42:59.932Z",
"dateUpdated": "2026-04-29T09:51:50.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}