[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ff5HFavCNLovfRjQAxr_ROhYUDJNYZabk23eUqtYnDUE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":9,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":62,"crawl_stats":37,"alternatives":69,"analysis":95,"fingerprints":153},"export-post-info","Export Post Info","1.3.0","apasionados","https:\u002F\u002Fprofiles.wordpress.org\u002Fapasionados\u002F","","This plugin exports posts Date published, Post title, Word Count, Status, URL and Category to a CSV file.",1000,23132,100,13,"2023-09-23T13:19:00.000Z","6.3.8","4.0.1",[19,20,21,22,23],"export-post-titles","export-title","export-urls","extract-title","extract-urls","https:\u002F\u002Fapasionados.es\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexport-post-info.1.3.0.zip",84,2,0,"2022-09-22 00:00:00","2026-03-15T15:16:48.613Z",[32,48],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2022-38061","export-post-info-authenticated-author-csv-injection","Export Post Info \u003C= 1.2.0 - Authenticated (Author+) CSV Injection","The Export Post Info plugin for WordPress is vulnerable to CSV Injection. This allows authenticated users with author permissions or higher, to inject commands that the plugin will include when generating a CSV file for export. 
If a victim opens the malicious CSV file on a vulnerable platform, these commands could be executed on their local machine.",null,"\u003C=1.2.0","1.2.1","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe033dd4a-bc82-403a-82aa-cd8516290f4a?source=api-prod",488,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":44,"references":59,"days_to_patch":61},"CVE-2022-38068","export-post-info-authenticated-administrator-stored-cross-site-scripting","Export Post Info \u003C= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Export Post Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘epi_random_string_filename’ parameter in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in the post export page that will execute whenever a user accesses it.","\u003C=1.1.0","1.2.0",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-09-07 00:00:00",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F890f83dc-d8d2-4fb2-a04a-c7b70d104b49?source=api-prod",503,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":63,"total_installs":64,"avg_security_score":65,"avg_patch_time_days":66,"trust_score":67,"computed_at":68},28,60790,94,326,75,"2026-04-04T05:03:55.380Z",[70],{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":90,"download_link":91,"security_score":92,"vuln_count":93,"unpatched_count":28,"last_vuln_date":94,"fetched_at":30},"export-all-urls","Export All URLs","5.1","Atlas Gondal","https:\u002F\u002Fprofiles.wordpress.org\u002Fatlas_gondal\u002F","\u003Cp>This plugin will add a page called “Export All URLs” under Tools. You can navigate there and can extract data from your site. 
You can export Posts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>ID\u003C\u002Fli>\n\u003Cli>Title\u003C\u002Fli>\n\u003Cli>URL\u003C\u002Fli>\n\u003Cli>Categories\u003C\u002Fli>\n\u003Cli>Category URLs\u003C\u002Fli>\n\u003Cli>Tags\u003C\u002Fli>\n\u003Cli>Tag URLs\u003C\u002Fli>\n\u003Cli>Author\u003C\u002Fli>\n\u003Cli>Published Date\u003C\u002Fli>\n\u003Cli>Modified Date\u003C\u002Fli>\n\u003Cli>Status\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The data can be filtered by post type, post status, date range, and author before extraction, and the plugin also provides the option to export using a specific post range.\u003C\u002Fp>\n\u003Ch3>When we need this plugin?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>To check all URLs of your website\u003C\u002Fli>\n\u003Cli>During migration\u003C\u002Fli>\n\u003Cli>During security audit\u003C\u002Fli>\n\u003Cli>Need to share All URLs with SEO guy\u003C\u002Fli>\n\u003Cli>301 Redirects handling using htaccess\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Customizable Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Filter by Author\u003C\u002Fli>\n\u003Cli>Filter by Date Range\u003C\u002Fli>\n\u003Cli>Exclude domain URL (very helpful in comparing results after migration)\u003C\u002Fli>\n\u003Cli>Set post range (very beneficial in case of timeout\u002Fmemory out error)\u003C\u002Fli>\n\u003Cli>Generates CSV file name randomly (sensitive data protection for security reasons)\u003C\u002Fli>\n\u003Cli>Set preferred CSV file name (provides more control)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>System requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP version 5.4 or higher\u003C\u002Fli>\n\u003Cli>WordPress version 3.1.0 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you encounter any bugs, please report them to me, and I will strive to resolve them as quickly as possible!\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>For further information please send me an \u003Ca 
href=\"https:\u002F\u002FAtlasGondal.com\u002Fcontact-me\u002F?utm_source=self&utm_medium=wp&utm_campaign=export-all-urls&utm_term=plugin-description\" rel=\"nofollow ugc\">email\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin enables you to extract information such as Title, URL, Categories, Tags, Author, as well as Published and Modified dates for built-in post &hellip;",50000,713563,90,92,"2026-03-09T11:32:00.000Z","6.9.4","3.1","5.4",[21,23,87,88,89],"get-links","get-urls","links","https:\u002F\u002FAtlasGondal.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexport-all-urls.5.1.zip",99,5,"2023-06-19 00:00:00",{"attackSurface":96,"codeSignals":116,"taintFlows":143,"riskAssessment":144,"analyzedAt":152},{"hooks":97,"ajaxHandlers":112,"restRoutes":113,"shortcodes":114,"cronEvents":115,"entryPointCount":28,"unprotectedCount":28},[98,104,108],{"type":99,"name":100,"callback":101,"file":102,"line":103},"action","plugins_loaded","apa_epi_f_load_plugin_textdomain","export-post-info.php",17,{"type":99,"name":105,"callback":106,"file":102,"line":107},"admin_init","apa_epi_f_register_settings",29,{"type":99,"name":109,"callback":110,"file":102,"line":111},"admin_menu","apa_epi_f_nav",31,[],[],[],[],{"dangerousFunctions":117,"sqlUsage":118,"outputEscaping":120,"fileOperations":141,"externalRequests":28,"nonceChecks":28,"capabilityChecks":141,"bundledLibraries":142},[],{"prepared":28,"raw":28,"locations":119},[],{"escaped":121,"rawEcho":122,"locations":123},12,8,[124,128,130,131,133,135,138,139],{"file":125,"line":126,"context":127},"export-post-info-settings.php",34,"raw output",{"file":125,"line":129,"context":127},50,{"file":125,"line":129,"context":127},{"file":125,"line":132,"context":127},67,{"file":125,"line":134,"context":127},77,{"file":136,"line":137,"context":127},"functions.php",171,{"file":136,"line":137,"context":127},{"file":136,"line":140,"context":127},175,1,[],[],{"summary":145,"deductions":146},"The 'export-post-info' plugin v1.3.0 
exhibits a mixed security posture. On the positive side, static analysis reveals no identified attack surface in terms of AJAX handlers, REST API routes, shortcodes, or cron events that lack proper authentication or permission checks. The code also demonstrates good practices with 100% of SQL queries utilizing prepared statements, and a single file operation and capability check are present. However, a significant concern arises from the output escaping, where 60% of the 20 total outputs are properly escaped, leaving 40% potentially vulnerable to injection or XSS attacks if the unsanitized output is processed by downstream components or rendered directly in the browser. Taint analysis did not uncover any flows with unsanitized paths, which is a positive indicator.\n\nThe vulnerability history of this plugin is a notable area of concern. With two known medium-severity CVEs, both related to 'Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')' and 'Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')', it suggests a pattern of insecure output handling or input sanitization. The fact that these were the common vulnerability types and the last one occurred in September 2022 indicates a recurring issue that may not have been fully addressed in this version, despite there being no currently unpatched CVEs. The lack of recent patching history for these specific vulnerability types is a red flag.\n\nIn conclusion, while the plugin has a minimal attack surface and uses prepared statements for SQL, the concerning percentage of unescaped output and the history of injection and XSS vulnerabilities indicate potential risks. The plugin has strengths in its limited entry points and SQL practices but weaknesses in output sanitization and a history of exploitable flaws that warrant careful consideration. 
Users should exercise caution and ensure proper output handling within their WordPress environment.",[147,149],{"reason":148,"points":122},"Significant portion of outputs not properly escaped",{"reason":150,"points":151},"History of 2 medium severity vulnerabilities (Injection\u002FXSS)",15,"2026-03-16T19:01:04.007Z",{"wat":154,"direct":161},{"assetPaths":155,"generatorPatterns":157,"scriptPaths":158,"versionParams":159},[156],"\u002Fwp-content\u002Fplugins\u002Fexport-post-info\u002Fcss\u002Fstyle.css",[],[],[160],"export-post-info\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":162,"htmlComments":168,"htmlAttributes":169,"restEndpoints":171,"jsGlobals":172,"shortcodeOutput":173},[163,164,165,166,167],"wrap","postbox-container","metabox-holder","postbox","form-table",[],[170],"id=\"epi_random_string_filename\"",[],[],[]]