cleantalk
Vulnerabilities and Security Researches

Export All Posts, Products, Orders, Refunds & Users, CVE-2024-12315

CVE, Research URL

CVE-2024-12315

Home page URL

Security reports for Export All Posts, Products, Orders, Refunds & Users

Application

Export All Posts, Products, Orders, Refunds & Users

Published on
Feb 12, 2025
Research Description
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/smack_uci_uploads/exports/ directory which can contain information like exported user data.
Affected versions
Min -, max 2.10.
Status
vulnerable
Previous vulnerability researches
Export All Posts, Products, Orders, Refunds & Users (CVE-2023-45066) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2016-11000) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2018-20968) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2023-2487) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2024-12315) , Feb 16, 2025
New vulnerability
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2025-2594) , Apr 03, 2025
xili-dictionary (CVE-2025-30840) , Apr 03, 2025
Page Takeover (CVE-2025-31470) , Apr 03, 2025
Administrator Z (CVE-2025-2815) , Apr 03, 2025
Custom Fields Account Registration For Woocommerce (CVE-2025-30888) , Apr 03, 2025