CVE-2026-1582
Authentication Bypass in WP All Export Plugin Exposes Sensitive Data
Publication date: 2026-02-18
Last updated on: 2026-02-18
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wp_all_export | wp_all_export | up to and including 1.4.14 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The WP All Export plugin for WordPress, in versions up to and including 1.4.14, has a vulnerability in how it verifies access to export files. The plugin compares the security token with PHP's loose comparison (==) instead of strict comparison (===). This exposes a PHP type juggling issue: "magic hash" values that look numeric and match the pattern ^0e\d+$ are treated by loose comparison as the number zero, so any two such strings compare as equal.
Because of this, unauthenticated attackers can bypass authentication checks and download sensitive export files containing personally identifiable information (PII), business data, or database information by crafting requests to the export download endpoint.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to sensitive export files generated by the WP All Export plugin. Attackers can download files containing PII, business data, or database information without authentication.
Such exposure can result in data breaches, loss of confidentiality, and potential misuse of sensitive information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the WP All Export plugin's export download endpoint, specifically looking for requests with parameters such as 'action', 'export_id', and 'export_hash' or 'security_token'. Suspicious requests that bypass authentication using magic hash values (numeric-looking MD5 hash prefixes) may indicate exploitation attempts.

You can use network monitoring or web server access logs to identify such requests. For example, using command-line tools like grep on your web server logs to find requests to the export endpoint:

- grep 'action=get_data' /var/log/apache2/access.log
- grep 'export_hash' /var/log/apache2/access.log
- grep 'security_token' /var/log/apache2/access.log

Additionally, you can use curl commands to test the endpoint manually by attempting to access export files with crafted tokens to verify if unauthorized access is possible. [3]
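The grep commands above only surface requests that carry the export parameters; the check that matters is whether the supplied token is a magic hash. The following added example (not from the advisory or the plugin) parses Apache combined-format access log lines, picks out export-download requests by the 'action', 'export_hash' and 'security_token' parameters named above, and flags any token matching ^0e\d+$. The log lines, the request path and the token values are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined format (not real traffic).
# The request path is an assumption; the detector keys on query parameters only.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Feb/2026:10:01:12 +0000] "GET /wp-admin/admin-ajax.php?action=get_data&export_id=12&security_token=9f86d081884c7d659a2feaa0c55ad015 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Feb/2026:10:02:03 +0000] "GET /wp-admin/admin-ajax.php?action=get_data&export_id=12&security_token=0e462097431906509019562988736854 HTTP/1.1" 200 5120 "-" "curl/8.4.0"
198.51.100.4 - - [18/Feb/2026:10:03:44 +0000] "GET /index.php?page=contact HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Magic-hash pattern from the advisory: "0e" followed only by digits.
MAGIC_HASH = re.compile(r"^0e\d+$")
TOKEN_PARAMS = ("export_hash", "security_token")
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def analyse_line(line):
    """Return details for an export-download request, or None for other traffic."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    qs = parse_qs(urlsplit(m["url"]).query)
    is_export = qs.get("action", [""])[0] == "get_data" or any(p in qs for p in TOKEN_PARAMS)
    if not is_export:
        return None
    tokens = {p: qs[p][0] for p in TOKEN_PARAMS if p in qs}
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "status": int(m["status"]),
        "export_id": qs.get("export_id", [None])[0],
        "tokens": tokens,
        # Parameters whose value is a magic hash; any entry here is a strong indicator.
        "magic_hash": [p for p, v in tokens.items() if MAGIC_HASH.match(v)],
    }


def find_suspicious(log_text):
    """Return every export-download request that carried a magic-hash token."""
    results = (analyse_line(line) for line in log_text.splitlines())
    return [r for r in results if r and r["magic_hash"]]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        # A 200 status on a flagged request means the download likely succeeded.
        print(f"{hit['ts']} {hit['ip']} export_id={hit['export_id']} status={hit['status']} via {hit['magic_hash']}")
```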
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the WP All Export plugin to version 1.4.15 or later, which contains security improvements that fix this vulnerability.
The update includes changes such as using strict and constant-time comparison functions (hash_equals) for security token verification, improved CSV parsing and export handling, better data sanitization, and enhanced session validation.
If updating immediately is not possible, consider restricting access to the export download endpoint by limiting IP addresses or requiring authentication at the web server level to prevent unauthenticated access.