cleantalk
Vulnerabilities and Security Researches

Market Exporter, CVE-2024-5637

CVE, Research URL

CVE-2024-5637

Home page URL

Security reports for Market Exporter

Application

Market Exporter

Published on
Jun 07, 2024
Research Description
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path traversal to delete arbitrary files on the server.
Affected versions
Min -, max 2.0.20.
Status
vulnerable
Previous vulnerability researches
Market Exporter (CVE-2024-5637) , Jun 08, 2024
Market Exporter (CVE-2022-4974) , Nov 15, 2024
Market Exporter (CVE-2025-49269) , Jun 15, 2025
Market Exporter (CVE-2025-26995) , Feb 27, 2025
Market Exporter (fc13cf8378bcbb2a31bcb899adb5b1919527547a) , Jun 07, 2024
New vulnerability
DIOT SCADA with MQTT (CVE-2025-4216) , Jun 16, 2025
Simple Newsletter Plugin – Noptin (CVE-2025-49871) , Jun 16, 2025
Job Board Manager (CVE-2025-49324) , Jun 16, 2025
Bitly URL Shortener (CVE-2025-30629) , Jun 16, 2025
ACF Onyx Poll (CVE-2025-5841) , Jun 16, 2025