{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1582", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-29T00:43:49.262Z", "datePublished": "2026-02-18T12:28:35.103Z", "dateUpdated": "2026-04-08T17:11:05.713Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:05.713Z"}, "affected": [{"vendor": "soflyy", "product": "WP All Export \u2013 Drag & Drop Export to Any Custom CSV, XML & Excel", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4.14", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using \"magic hash\" values when the expected MD5 hash prefix happens to be numeric-looking (matching pattern ^0e\\d+$), allowing download of sensitive export files containing PII, business data, or database information."}], "title": "WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92c682-b8b3-4d23-bd84-97d7440ee525?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-all-export/tags/1.4.14/actions/wp_loaded.php#L19"}, {"url": "https://plugins.trac.wordpress.org/changeset/3455775/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.7, "baseSeverity": "LOW"}}], "credits": [{"lang": "en", "type": "finder", "value": "Vincent Theriault-Laine"}], "timeline": [{"time": "2026-01-29T01:04:55.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-02-17T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T20:23:21.585955Z", "id": "CVE-2026-1582", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T20:23:34.008Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1582", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T20:23:21.585955Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T20:23:26.609Z"}}], "cna": {"title": "WP All Export <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling", "credits": [{"lang": "en", "type": "finder", "value": "Vincent Theriault-Laine"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "soflyy", "product": "WP All Export \u2013 Drag & Drop Export to Any Custom CSV, XML & Excel", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.4.14"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-29T01:04:55.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-02-17T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92c682-b8b3-4d23-bd84-97d7440ee525?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-all-export/tags/1.4.14/actions/wp_loaded.php#L19"}, {"url": "https://plugins.trac.wordpress.org/changeset/3455775/"}], "descriptions": [{"lang": "en", "value": "The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using \"magic hash\" values when the expected MD5 hash prefix happens to be numeric-looking (matching pattern ^0e\\d+$), allowing download of sensitive export files containing PII, business data, or database information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-02-18T12:28:35.103Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1582", "state": "PUBLISHED", "dateUpdated": "2026-02-18T20:23:34.008Z", "dateReserved": "2026-01-29T00:43:49.262Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-18T12:28:35.103Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using \"magic hash\" values when the expected MD5 hash prefix happens to be numeric-looking (matching pattern ^0e\\d+$), allowing download of sensitive export files containing PII, business data, or database information."}, {"lang": "es", "value": "El plugin WP All Export para WordPress es vulnerable a la Exposici\u00f3n de Informaci\u00f3n Sensible en todas las versiones hasta la 1.4.14, inclusive, a trav\u00e9s del endpoint de descarga de exportaci\u00f3n. Esto se debe a una vulnerabilidad de manipulaci\u00f3n de tipos de PHP en la comparaci\u00f3n del token de seguridad que utiliza una comparaci\u00f3n laxa (==) en lugar de una comparaci\u00f3n estricta (===). Esto hace posible que atacantes no autenticados eludan la autenticaci\u00f3n utilizando valores de 'magic hash' cuando el prefijo del hash MD5 esperado resulta ser de aspecto num\u00e9rico (coincidiendo con el patr\u00f3n ^0e\\d+$), permitiendo la descarga de archivos de exportaci\u00f3n sensibles que contienen PII, datos comerciales o informaci\u00f3n de la base de datos."}], "id": "CVE-2026-1582", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-18T13:16:20.340", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-all-export/tags/1.4.14/actions/wp_loaded.php#L19"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3455775/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92c682-b8b3-4d23-bd84-97d7440ee525?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WP All Export \u2013 Drag & Drop Export to Any Custom CSV, XML & Excel", "source": "cna", "vendor": "soflyy"}, "product": "wp_all_export_\u2013_drag_&_drop_export_to_any_custom_csv,_xml_&_excel", "vendor": "soflyy"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T18:13:45.792430+00:00", "value": {"mitigation_remediation": ["Upgrade WP All Export to version 1.4.15 or later, which replaces the loose comparison with a strict comparison in the token validation logic.", "Disable the export download endpoint for unauthenticated users via plugin settings or a security plugin, ensuring only authorized users can access export files.", "If an upgrade is not feasible, remove the WP All Export plugin or replace it with a more secure export solution to eliminate the vulnerable endpoint."], "summary": {"action": "Immediate Patch", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "This flaw affects any WordPress site using the soflyy WP All Export plugin, specifically versions 1.4.14 and earlier. Users running the plugin in these versions are at risk of unauthorized data exfiltration through the export download endpoint.", "description_and_impact": "The vulnerability in the WP All Export plugin arises from a PHP type juggling flaw in the security token comparison. The code compares the provided token against a stored MD5 hash prefix using loose equality (==) instead of strict comparison (===). When the expected MD5 prefix matches a numeric\u2011looking pattern (^0e\\d+$), an attacker can supply a magic hash value that passes the comparison. This bypasses authentication checks and allows unauthenticated users to invoke the export download endpoint, retrieving sensitive export files that may contain personally identifiable information, business data, or database contents. The weakness is classified as CWE-200, indicating a potential for unauthorized disclosure of information.", "risk_and_exploitability": "The CVSS score is 3.7, signifying low severity, and the EPSS score is below 1%, indicating a very low probability of exploitation. The vulnerability is not currently listed in the CISA KEV catalog. Adversaries can exploit it remotely by sending a crafted HTTP request to the download endpoint with a magic hash value; no credentials are required. While the probability of exploitation remains low, the potential impact is the exposure of sensitive information."}}}}, "created": "2026-02-19T10:20:15.969917+00:00", "updated": "2026-04-15T18:15:10.857377+00:00", "vendors": ["soflyy", "soflyy$PRODUCT$wp_all_export_\u2013_drag_&_drop_export_to_any_custom_csv,_xml_&_excel", "wordpress", "wordpress$PRODUCT$wordpress"]}