During security research I found an authenticated SQL injection vulnerability in the WordPress plugin Export any WordPress data to XML/CSV. Affected versions: < 1.3.5
The plugin does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.
1. Go to the All Export > New Export screen in the WordPress admin.
2. Click on Specific Post Type > Posts.
3. Click on Migrate Posts, intercept this request, and look for the form field named cpt:

    Content-Disposition: form-data; name="cpt"

    post

    Change it to:

    Content-Disposition: form-data; name="cpt"

    post'+(select*from(select(sleep(10)))a)+'

The response is now delayed by 10 seconds, which confirms the SQL injection vulnerability.
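A defensive check for the request shown above, as an added example that is not part of the original advisory or the plugin's code: it parses a multipart/form-data body and flags a cpt value that is not a valid WordPress post type key (lowercase alphanumerics, dashes and underscores, at most 20 characters). The function names, boundary and sample bodies are constructed, and it assumes cpt carries a single post type key.

```python
import re
from email import message_from_bytes
from email.policy import HTTP

# WordPress post type keys: lowercase alphanumerics, dashes, underscores, max 20 chars.
POST_TYPE_KEY = re.compile(r"[a-z0-9_-]{1,20}")

def form_fields(content_type: str, body: bytes) -> dict:
    """Parse a multipart/form-data body into {field name: value}."""
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = message_from_bytes(raw, policy=HTTP)
    fields = {}
    for part in msg.iter_parts():  # yields nothing if the body is not multipart
        name = part.get_param("name", header="content-disposition")
        if name is not None:
            fields[name] = part.get_content().rstrip("\r\n")
    return fields

def suspicious_cpt(content_type: str, body: bytes):
    """Return the cpt value if it is not a valid post type key, else None."""
    value = form_fields(content_type, body).get("cpt")
    if value is not None and not POST_TYPE_KEY.fullmatch(value):
        return value
    return None

# Constructed sample requests (hypothetical boundary, single cpt field).
BOUNDARY = "constructed-boundary-1"
CTYPE = f"multipart/form-data; boundary={BOUNDARY}"

def sample_body(cpt: str) -> bytes:
    return (
        f"--{BOUNDARY}\r\n"
        'Content-Disposition: form-data; name="cpt"\r\n\r\n'
        f"{cpt}\r\n"
        f"--{BOUNDARY}--\r\n"
    ).encode()

BENIGN = sample_body("post")
# Value taken from the reproduction step in this advisory.
TAMPERED = sample_body("post'+(select*from(select(sleep(10)))a)+'")

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("tampered", TAMPERED)):
        hit = suspicious_cpt(CTYPE, body)
        print(label, "->", "ALERT " + repr(hit) if hit else "ok")
```

The same allow-list (a post type key pattern, or better, the set of registered post types) is the server-side validation the parameter needs before it reaches a query.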
NIST CVSS SCORE: 7.2
The plugin has more than 90,000 active installations.