CVE-2022-3395 Information

Description

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query allowing users which has been given permission to run exports to execute arbitrary SQL statements leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports but this can be delegated to lower privileged users as well.

Reference

https://wpscan.com/vulnerability/10742154-368a-40be-a67d-80ea848493a0