Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total6
Critical0
High0
Medium5
Reset
Showing 1-6 of 6 records
Threat Entry Updated 2026-04-15

CVE-2026-2696 - Export All Urls Plugin

The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can brute-force the filenames to gain access to sensitive data contained within the exported files.

PLUGIN Export All Urls

CVE-2026-2696

MEDIUM CVSS 5.3 2026-04-01
Open Full Technical Breakdown
Threat Entry Updated 2025-04-23

CVE-2023-3118 - Export All Urls Plugin

The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Export All Urls

CVE-2023-3118

MEDIUM CVSS 6.1 2023-07-10
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-2638 - Export All Urls Plugin

The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server

PLUGIN Export All Urls

CVE-2022-2638

MEDIUM CVSS 6.5 2022-08-29
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0914 - Export All Urls Plugin

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example

PLUGIN Export All Urls

CVE-2022-0914

MEDIUM CVSS 6.5 2022-04-11
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0892 - Export All Urls Plugin

The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting

PLUGIN Export All Urls

CVE-2022-0892

MEDIUM CVSS 6.1 2022-04-11
Open Full Technical Breakdown
Scroll to top