GCVE - cpe:2.3:a:smackcoders:export_all_posts,_products,_orders,_refunds_&

Approved changes feed: RSS · Atom

cpe:2.3:a:smackcoders:export_all_posts,_products,_orders,_refunds_&_users:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Smackcoders (`e878c6d9-526e-5971-b31d-cb731330415c`)
Product	Export All Posts, Products, Orders, Refunds & Users (`e1f61aae-ae77-5250-bb38-947016c892cb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2332`	vulnerable	2026-06-03 15:00:25.274204	Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection CRITICAL (9.8) The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Published: 2025-03-27T05:22:29.738Z Updated: 2026-04-08T17:10:01.964Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/9546ab46-737c-4bd3-9542-8ab1b776b3ea?source=cve https://plugins.trac.wordpress.org/browser/wp-ultimate-exporter/trunk/exportExtensions/ExportExtension.php#L3332 https://plugins.trac.wordpress.org/changeset/3257504/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13606`	vulnerable	2026-06-03 14:58:46.571121	Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure MEDIUM (6.5) The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the `parseData` function. This makes it possible for unauthenticated attackers to export sensitive information including user data, email addresses, password hashes, and WooCommerce data to an attacker-controlled file path on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2025-12-02T04:37:14.256Z Updated: 2026-04-08T16:45:53.338Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/3511e110-d091-447d-87c0-25d33900bc30?source=cve https://plugins.trac.wordpress.org/changeset/3405694/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12315`	vulnerable	2026-06-03 14:54:16.110903	Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory HIGH (7.5) The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/smack_uci_uploads/exports/ directory which can contain information like exported user data. Published: 2025-02-12T08:25:42.626Z Updated: 2026-04-08T16:33:57.808Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/075709e0-5f00-4d7b-80f6-96e3b4b4a895?source=cve https://plugins.trac.wordpress.org/browser/wp-ultimate-exporter/trunk/exportExtensions/ExportExtension.php#L1678 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3230400%40wp-ultimate-exporter&new=3230400%40wp-ultimate-exporter&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-45066`	vulnerable	2026-06-03 14:53:07.403066	WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure MEDIUM (5.9) Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. Published: 2023-11-30T14:43:05.150Z Updated: 2026-04-28T16:08:42.678Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/wp-ultimate-exporter/wordpress-export-all-posts-products-orders-refunds-users-plugin-2-2-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2487`	vulnerable	2026-06-03 14:51:43.222728	WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure MEDIUM (5.9) Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1. Published: 2023-12-21T14:08:49.034Z Updated: 2026-04-28T16:08:06.230Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/wp-ultimate-exporter/wordpress-export-all-posts-products-orders-refunds-users-plugin-2-2-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Export All Posts, Products, Orders, Refunds & Users

PURL mappings

Vulnerability references

Contribute