CVE-2024-12315
📋 TL;DR
This vulnerability allows unauthenticated attackers to access sensitive exported data files stored in an insecure directory in the Export All Posts plugin for WordPress. Any WordPress site using vulnerable versions of this plugin is affected, potentially exposing user data, orders, and other exported information.
💻 Affected Systems
- Export All Posts, Products, Orders, Refunds & Users plugin for WordPress
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of all exported data including user PII, payment information, order details, and other sensitive business data leading to data breach, regulatory fines, and reputational damage.
Likely Case
Unauthenticated attackers download exported files containing user emails, names, order details, and potentially partial payment information from a publicly accessible directory.
If Mitigated
Directory access controls prevent file enumeration and download, limiting exposure to only files with known names.
🎯 Exploit Status
Exploitation requires only web access to the vulnerable directory path. Attackers can directly browse or guess file names to download sensitive exports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.9.4 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Export All Posts, Products, Orders, Refunds & Users'.
4. Click 'Update Now' if available, or download version 2.9.4+ from the WordPress plugin repository.
5. Replace the plugin files if a manual update is required.
🔧 Temporary Workarounds
Add .htaccess protection to the exports directory
Apache: Blocks web access to the vulnerable directory using Apache .htaccess rules. Use the line that matches your Apache version ('Deny from all' is 2.2 syntax and only works on 2.4 when mod_access_compat is loaded):
echo 'Deny from all' > /wp-content/uploads/smack_uci_uploads/exports/.htaccess        # Apache 2.2 (or 2.4 with mod_access_compat)
echo 'Require all denied' > /wp-content/uploads/smack_uci_uploads/exports/.htaccess   # Apache 2.4 (mod_authz_core)
Remove or restrict directory permissions
Linux/Unix: Change the directory ownership and permissions so the web server user can neither read nor write it (this also stops the plugin from writing new exports until the patch is applied):
chmod 700 /wp-content/uploads/smack_uci_uploads/exports/
chown root:root /wp-content/uploads/smack_uci_uploads/exports/
🧯 If You Can't Patch
- Disable the Export All Posts plugin immediately
- Delete all files from /wp-content/uploads/smack_uci_uploads/exports/ directory
🔍 How to Verify
Check if Vulnerable:
Check if directory /wp-content/uploads/smack_uci_uploads/exports/ is accessible via web browser without authentication by visiting example.com/wp-content/uploads/smack_uci_uploads/exports/
Check Version:
Check WordPress admin panel → Plugins → Export All Posts plugin version, or examine wp-content/plugins/wp-ultimate-exporter/readme.txt file
Verify Fix Applied:
After the update, verify that the directory returns a 403 Forbidden (or similar access-denied) response when accessed via the web.
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 responses to /wp-content/uploads/smack_uci_uploads/exports/ paths
- Multiple GET requests to export directory with file enumeration patterns
Network Indicators:
- Unusual traffic to export directory from external IPs
- Large downloads of .csv, .xlsx, or other export file formats
SIEM Query:
source="web_access_logs" AND (uri="/wp-content/uploads/smack_uci_uploads/exports/*" OR uri CONTAINS "smack_uci_uploads/exports") AND status=200
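As an added example (not part of this advisory, the plugin, or Wordfence's tooling), the log indicators above turned into a small parser: it flags successful requests under the exports directory and reports clients that enumerated several file names there. The sample log lines are constructed, and the combined-log regex is an assumption to adjust to your server's LogFormat.

```python
import re
from collections import defaultdict
# Combined log format regex (assumption: adjust to your server's LogFormat).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Directory the advisory identifies as exposed by CVE-2024-12315.
EXPORTS_DIR = "/wp-content/uploads/smack_uci_uploads/exports/"

def parse_line(line):
    """Fields of one combined-format access log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec
def find_export_hits(lines):
    """Successful (2xx) requests under the exports directory: the advisory's log indicator."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and EXPORTS_DIR in rec["uri"] and 200 <= rec["status"] < 300:
            hits.append(rec)
    return hits
def enumeration_sources(lines, min_paths=3):
    """Client IPs that requested at least min_paths distinct paths under the exports
    directory, whatever the status: guessing file names yields many 404s before a 200."""
    paths_by_ip = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and EXPORTS_DIR in rec["uri"]:
            paths_by_ip[rec["ip"]].add(rec["uri"])
    return {ip: len(p) for ip, p in paths_by_ip.items() if len(p) >= min_paths}
# Constructed sample log lines (not real traffic; RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-content/uploads/smack_uci_uploads/exports/ HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "GET /wp-content/uploads/smack_uci_uploads/exports/users.csv HTTP/1.1" 404 210 "-" "curl/8.4.0"
203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "GET /wp-content/uploads/smack_uci_uploads/exports/orders.csv HTTP/1.1" 200 884213 "-" "curl/8.4.0"
198.51.100.4 - - [10/Jan/2025:10:05:00 +0000] "GET /wp-content/uploads/2025/01/banner.png HTTP/1.1" 200 33120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2025:10:05:09 +0000] "GET /wp-content/uploads/smack_uci_uploads/exports/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for h in find_export_hits(SAMPLE_LOG):
        print(f"ALERT {h['ip']} {h['status']} {h['uri']} ({h['size']} bytes)")
    print("enumeration sources:", enumeration_sources(SAMPLE_LOG))
```

The 403 from the second client is what a patched or .htaccess-protected directory should produce, so it is excluded from the hits but still counts toward enumeration if the same client probes several names.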
🔗 References
- https://plugins.trac.wordpress.org/browser/wp-ultimate-exporter/trunk/exportExtensions/ExportExtension.php#L1678
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3230400%40wp-ultimate-exporter&new=3230400%40wp-ultimate-exporter&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/075709e0-5f00-4d7b-80f6-96e3b4b4a895?source=cve