{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2696", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-02-18T14:32:38.179Z", "datePublished": "2026-04-01T06:00:08.236Z", "dateUpdated": "2026-04-01T14:02:38.139Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-01T06:00:08.236Z"}, "title": "Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure", "problemTypes": [{"descriptions": [{"description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Export All URLs", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "5.1"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can brute-force the filenames to gain access to sensitive data contained within the exported files."}], "references": [{"url": "https://wpscan.com/vulnerability/55d627c1-ad05-4cd1-ae7b-932d84c19313/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Mohammad Aghdasi", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T14:02:00.298022Z", "id": "CVE-2026-2696", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T14:02:38.139Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-2696", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T14:02:00.298022Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T14:02:34.765Z"}}], "cna": {"title": "Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Mohammad Aghdasi"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Export All URLs", "versions": [{"status": "affected", "version": "0", "lessThan": "5.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/55d627c1-ad05-4cd1-ae7b-932d84c19313/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can brute-force the filenames to gain access to sensitive data contained within the exported files."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-200 Information Exposure"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-01T06:00:08.236Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2696", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:02:38.139Z", "dateReserved": "2026-02-18T14:32:38.179Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-04-01T06:00:08.236Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can brute-force the filenames to gain access to sensitive data contained within the exported files."}], "id": "CVE-2026-2696", "lastModified": "2026-04-15T15:05:47.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-01T06:16:15.380", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/55d627c1-ad05-4cd1-ae7b-932d84c19313/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,5.1)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "Export All URLs", "source": "cna", "vendor": "Unknown"}, "product": "export_all_urls", "vendor": "export_all_urls"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-02T03:11:13.407240+00:00", "value": {"mitigation_remediation": ["Update the Export All URLs plugin to version\u202f5.1 or later, which eliminates the vulnerable file\u2011generation behavior.", "After updating, delete any existing CSV files residing in wp\u2011content/uploads that may have been exposed.", "Restrict write permissions to the uploads directory to prevent accidental exposure of future export files.", "Verify that no other plugins or scripts expose sensitive data via publicly accessible directories.", "Keep WordPress core, themes, and plugins regularly updated to reduce the risk of similar vulnerabilities."], "summary": {"action": "Patch Plugin", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed the Export All URLs plugin and are running any version older than\u202f5.1. Site administrators should review whether the plugin is in use, and if so, determine the current version they are running.", "description_and_impact": "The Export All URLs WordPress plugin prior to version\u202f5.1 writes exported CSV files that include URLs for all posts, even private ones. The filenames are generated with an apparently random 6\u2011digit number and are stored in the publicly addressable wp\u2011content/uploads directory. Because the file names can be guessed or brute\u2011forced, an unauthenticated user can download these files and read sensitive data that should not be exposed. This vulnerability is a form of sensitive data exposure, classified as CWE\u2011200.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate severity impact, but the EPSS score of less than\u202f1\u202f% shows that the likelihood of exploitation is low. The vulnerability is not listed in the CISA KEV catalog, suggesting no widely known public exploits. Nevertheless, the attack vector is unauthenticated file download: an attacker simply needs to guess the 6\u2011digit filename to retrieve the exported CSV. Even with low probability, the potential exposure of private post URLs warrants proactive remediation."}}}}, "created": "2026-04-02T07:49:53.058865+00:00", "updated": "2026-04-03T08:58:46.046853+00:00", "vendors": ["export_all_urls", "export_all_urls$PRODUCT$export_all_urls", "wordpress", "wordpress$PRODUCT$wordpress"]}