[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-19696":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":52,"name":53,"published":54,"updated":34},19696,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},3,"OpenVAS",{"id":25,"codename":34,"description":34,"severity":35,"risk_description":36,"public_description":37,"public_recommendation":38,"recommendation":34,"references":39,"cvssv3":43,"epss_score":44,"epss_percentile":45,"cve":46,"in_cisa_catalog":50,"date":51,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"medium","The following vulnerabilities exist: - CVE-2022-0892: The plugin does not sanitise and escape the CSV filename before outputting it back in the page, leading to a reflected cross-site scripting - CVE-2022-0914: The plugin does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example - CVE-2022-29452: The plugin does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform stored cross-site scripting attacks.","The WordPress plugin Export All URLs is prone to multiple vulnerabilities.","Update to version 4.2 or later.",[40,41,42],"https://wpscan.com/vulnerability/e5d95261-a243-493f-be6a-3c15ccb65435","https://wpscan.com/vulnerability/c328be28-75dd-43db-a5b9-c1ba0636c930","https://wpscan.com/vulnerability/d63a853a-fe10-41d5-8264-0a54d26a2665",4.8,0.00304,0.53635,[47,48,49],"CVE-2022-0892","CVE-2022-0914","CVE-2022-29452",false,"2022-04-11T00:00:00Z","NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.127552","WordPress Export All URLs Plugin \u003C 4.2 Multiple Vulnerabilities","2023-09-14T00:00:00Z"]