Wp All Export – Drag & Drop Export To Any Custom Csv, Xml & Excel
Approved changes feed: RSS · Atom
cpe:2.3:a:soflyy:wp_all_export_–_drag_&_drop_export_to_any_custom_csv,_xml_&_excel:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Soflyy (87a26a9e-acd4-5262-bca3-fa77ab4eb5d0) |
|---|---|
| Product | Wp All Export – Drag & Drop Export To Any Custom Csv, Xml & Excel (c9cd2b05-06bf-5ae0-a029-6de2a8c6cf1d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-1582 |
vulnerable | 2026-06-03 15:14:44.691481 |
WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling
LOW (3.7)
The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using "magic hash" values when the expected MD5 hash prefix happens to be numeric-looking (matching pattern ^0e\d+$), allowing download of sensitive export files containing PII, business data, or database information.
Published: 2026-02-18T12:28:35.103Z
Updated: 2026-04-08T17:11:05.713Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.