Vulnerabilities and security researches formarket-exporter market-exporter

Jun 07, 2024

CVE, Research URL: fc13cf8378bcbb2a31bcb899adb5b1919527547a
Home page URL: Security reports for Market Exporter
Application: Market Exporter
Date: Feb 28, 2022
Research Description: Market Exporter [market-exporter] < 2.0.14 (closed) WordPress Market Exporter plugin <= 2.0.13 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Market Exporter plugin (versions <= 2.0.13).
Affected versions: Min -, max -.
Status: vulnerable

Jun 08, 2024

CVE, Research URL: CVE-2024-5637
Home page URL: Security reports for Market Exporter
Application: Market Exporter
Date: Jun 07, 2024
Research Description: The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path traversal to delete arbitrary files on the server.
Affected versions: Min -, max -.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Market Exporter
Application: Market Exporter
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Feb 27, 2025

CVE, Research URL: CVE-2025-26995
Home page URL: Security reports for Market Exporter
Application: Market Exporter
Date: Feb 25, 2025
Research Description: Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21.
Affected versions: Min -, max -.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2025-49269
Home page URL: Security reports for Market Exporter
Application: Market Exporter
Date: Jun 06, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter allows Cross Site Request Forgery. This issue affects Market Exporter: from n/a through 2.0.22.
Affected versions: Min -, max -.
Status: vulnerable