CVE-2024-7419 (GCVE-0-2024-7419)

Vulnerability from cvelistv5 – Published: 2025-02-07 15:21 – Updated: 2025-02-10 17:14
VLAI?
Summary
The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. As a prerequisite, the custom export field should include fields containing user-supplied data.
Severity ?
8.3 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
WP All Import WP All Export Pro Affected: * , ≤ 1.9.1 (semver)
Create a notification for this product.
Credits
Francesco Carlucci
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7419",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T17:13:58.616059Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T17:14:14.503Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WP All Export Pro",
          "vendor": "WP All Import",
          "versions": [
            {
              "lessThanOrEqual": "1.9.1",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Francesco Carlucci"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. \r\nAs a prerequisite, the custom export field should include fields containing user-supplied data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-07T15:21:05.068Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40b57370-4fd7-4316-9e99-a3f1d34616e8?source=cve"
        },
        {
          "url": "https://www.wpallimport.com/upgrade-to-wp-all-export-pro/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-01T00:00:00.000+00:00",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-05-30T00:00:00.000+00:00",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-02-07T03:20:47.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "WP All Export Pro \u003c= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-7419",
    "datePublished": "2025-02-07T15:21:05.068Z",
    "dateReserved": "2024-08-02T13:37:44.695Z",
    "dateUpdated": "2025-02-10T17:14:14.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-7419\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2025-02-07T16:15:39.100\",\"lastModified\":\"2025-02-11T19:25:14.023\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. \\r\\nAs a prerequisite, the custom export field should include fields containing user-supplied data.\"},{\"lang\":\"es\",\"value\":\"El complemento WP ALL Export Pro para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo en todas las versiones hasta la 1.9.1 incluida a trav\u00e9s de los campos de exportaci\u00f3n personalizados. Esto se debe a la falta de validaci\u00f3n de entrada y de depuraci\u00f3n de los datos proporcionados por el usuario. Esto hace posible que atacantes no autenticados inyecten c\u00f3digo PHP arbitrario en los campos de formulario que se ejecutan en el servidor durante la exportaci\u00f3n, lo que puede provocar un compromiso total del sitio. Como requisito previo, el campo de exportaci\u00f3n personalizado debe incluir campos que contengan datos proporcionados por el usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@wordfence.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:soflyy:wp_all_export:*:*:*:*:pro:wordpress:*:*\",\"versionEndExcluding\":\"1.9.2\",\"matchCriteriaId\":\"93DAC402-B7C2-4782-B1C2-3A1460C1AEA9\"}]}]}],\"references\":[{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/40b57370-4fd7-4316-9e99-a3f1d34616e8?source=cve\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.wpallimport.com/upgrade-to-wp-all-export-pro/\",\"source\":\"security@wordfence.com\",\"tags\":[\"Product\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7419\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-10T17:13:58.616059Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-10T17:14:09.720Z\"}}], \"cna\": {\"title\": \"WP All Export Pro \u003c= 1.9.1 - Unauthenticated Remote Code Execution via Custom Export Fields\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Francesco Carlucci\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.3, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"WP All Import\", \"product\": \"WP All Export Pro\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.9.1\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-06-01T00:00:00.000+00:00\", \"value\": \"Discovered\"}, {\"lang\": \"en\", \"time\": \"2024-05-30T00:00:00.000+00:00\", \"value\": \"Vendor Notified\"}, {\"lang\": \"en\", \"time\": \"2025-02-07T03:20:47.000+00:00\", \"value\": \"Disclosed\"}], \"references\": [{\"url\": \"https://www.wordfence.com/threat-intel/vulnerabilities/id/40b57370-4fd7-4316-9e99-a3f1d34616e8?source=cve\"}, {\"url\": \"https://www.wpallimport.com/upgrade-to-wp-all-export-pro/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. \\r\\nAs a prerequisite, the custom export field should include fields containing user-supplied data.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"shortName\": \"Wordfence\", \"dateUpdated\": \"2025-02-07T15:21:05.068Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-7419\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-10T17:14:14.503Z\", \"dateReserved\": \"2024-08-02T13:37:44.695Z\", \"assignerOrgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"datePublished\": \"2025-02-07T15:21:05.068Z\", \"assignerShortName\": \"Wordfence\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.