cleantalk
Vulnerabilities and Security Researches

WP Import Export Lite, CVE-2022-0236

CVE, Research URL

CVE-2022-0236

Home page URL

Security reports for WP Import Export Lite

Application

WP Import Export Lite

Published on
Jan 18, 2022
Research Description
The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data. This affects versions up to, and including, 3.9.15.
Affected versions
Min -, max 3.9.5.
Status
vulnerable
Previous vulnerability researches
WP Import Export Lite (CVE-2022-0236) , Jun 07, 2024
WP Import Export Lite (CVE-2024-31308) , Jun 07, 2024
WP Import Export Lite (CVE-2025-2839) , Apr 23, 2025
New vulnerability
Watu Quiz (CVE-2025-46242) , Apr 24, 2025
Link Library (CVE-2025-46237) , Apr 24, 2025
Front End Users (CVE-2024-13569) , Apr 24, 2025
Simple calendar for Elementor (CVE-2025-46249) , Apr 24, 2025
Social Slider Feed (CVE-2025-0717) , Apr 24, 2025