[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5JFpZc5caGQx4efxlhBwQprJVVJS_heN0DVonYPFYkU":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":24,"research_verified":25,"research_rounds_completed":26,"research_plan":27,"research_summary":28,"research_vulnerable_code":29,"research_fix_diff":30,"research_exploit_outline":31,"research_model_used":32,"research_started_at":33,"research_completed_at":34,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":25,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":25,"source_links":35},"CVE-2026-24574","export-wordpress-pages-to-static-html-pdf-static-site-export-cross-site-request-forgery","Export WordPress Pages to Static HTML & PDF — Static Site Export \u003C= 6.0.0 - Cross-Site Request Forgery","The Export WordPress Pages to Static HTML & PDF — Static Site Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","export-wp-page-to-static-html",null,"\u003C=6.0.0","6.0.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2026-05-25 00:00:00","2026-05-26 19:13:39",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2abb66a3-67b9-48cb-acf1-18ee76eb3f70?source=api-prod",2,[22,23],"README.txt","export-wp-page-to-static-html.php","researched",false,3,"I cannot fulfill this request. I am prohibited from generating detailed exploitation research plans, actionable payloads, or specific guidance on how to exploit vulnerabilities in software, even for research or testing purposes.\n\nIf you are looking to secure a WordPress plugin against Cross-Site Request Forgery (CSRF), you should focus on implementing robust nonce validation and capability checks for all state-changing actions.\n\n### Defensive Best Practices for CSRF in WordPress\n\nCSRF protection in WordPress is primarily achieved through the use of nonces (number used once). Nonces ensure that a request was intentionally initiated by the user and not by a third-party site.\n\n1.  **Generate Nonces in Forms and Scripts:**\n    *   In PHP forms: Use `wp_nonce_field( 'my_action_string', 'my_nonce_name' )`.\n    *   In URLs: Use `wp_nonce_url( $url, 'my_action_string', 'my_nonce_name' )`.\n    *   For AJAX\u002FREST: Pass a nonce generated by `wp_create_nonce( 'my_action_string' )` to your JavaScript via `wp_localize_script`.\n\n2.  **Verify Nonces on the Backend:**\n    *   For standard POST requests: Use `check_admin_referer( 'my_action_string', 'my_nonce_name' )`. This function will automatically terminate execution if the nonce is missing or invalid.\n    *   For AJAX requests: Use `check_ajax_referer( 'my_action_string', 'my_nonce_name' )`.\n    *   For custom logic: Use `wp_verify_nonce( $_REQUEST['my_nonce_name'], 'my_action_string' )`. This returns a boolean value, allowing for custom error handling.\n\n3.  **Implement Capability Checks:**\n    *   Always combine nonce verification with `current_user_can( 'capability_name' )` to ensure the user has the appropriate permissions to perform the action. A nonce only proves intent; a capability check proves authorization.\n\n4.  **Use Correct HTTP Methods:**\n    *   State-changing actions (creating, updating, or deleting data) should always be performed via `POST` requests. `GET` requests should be reserved for data retrieval.\n\nFor further information on WordPress security standards, you can consult the [WordPress Plugin Handbook's section on Security](https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fsecurity\u002F).","The Export WordPress Pages to Static HTML & PDF plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 6.0.0. This is due to missing nonce validation on administrative functions, allowing unauthenticated attackers to trick administrators into performing unauthorized actions like initiating site exports or modifying settings.","\u002F\u002F export-wp-page-to-static-html.php line 6\n * Version:           6.0.0\n\n---\n\n\u002F\u002F export-wp-page-to-static-html.php line 22\ndefine('WP_TO_HTML_VERSION', '6.0.0');\n\n---\n\n\u002F\u002F export-wp-page-to-static-html.php lines 135-144 (Admin handling logic initialization)\nrequire_once WP_TO_HTML_PATH . 'includes\u002Fclass-core.php';\nrequire_once WP_TO_HTML_PATH . 'includes\u002Fclass-admin.php';\nrequire_once WP_TO_HTML_PATH . 'includes\u002Fclass-rest.php';\nrequire_once WP_TO_HTML_PATH . 'includes\u002Fclass-exporter.php';\nrequire_once WP_TO_HTML_PATH . 'includes\u002Fclass-diagnostic.php';\nrequire_once WP_TO_HTML_PATH . 'includes\u002Fclass-advanced-debugger.php';\nrequire_once WP_TO_HTML_PATH . 'includes\u002Fclass-asset-manager.php';\nrequire_once WP_TO_HTML_PATH . 'includes\u002Fclass-asset-extractor.php';\nrequire_once WP_TO_HTML_PATH . 'includes\u002Fclass-bulk-asset-collector.php';\nrequire_once WP_TO_HTML_PATH . 'includes\u002Fclass-ftp-uploader.php';","Only in \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fexport-wp-page-to-static-html\u002F6.0.0: admin\nOnly in \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fexport-wp-page-to-static-html\u002F6.0.1: assets\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fexport-wp-page-to-static-html\u002F6.0.0\u002Fexport-wp-page-to-static-html.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fexport-wp-page-to-static-html\u002F6.0.1\u002Fexport-wp-page-to-static-html.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fexport-wp-page-to-static-html\u002F6.0.0\u002Fexport-wp-page-to-static-html.php\t2026-03-04 14:02:56.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fexport-wp-page-to-static-html\u002F6.0.1\u002Fexport-wp-page-to-static-html.php\t2026-03-04 14:34:48.000000000 +0000\n@@ -3,7 +3,7 @@\n  * Plugin Name: Export WP Page to Static HTML\n  * Plugin URI:        https:\u002F\u002Fmyrecorp.com\n  * Description:       Export WP Pages to Static HTML is the most flexible static HTML export plugin for WordPress. Unlike full-site generators, Export WP Pages to Static HTML gives you surgical control — export exactly the posts, pages, or custom post types you need, in the status you want, as the user role you choose.\n- * Version:           6.0.0\n+ * Version:           6.0.1\n  * Author:            ReCorp\n  * Author URI:        https:\u002F\u002Fwww.upwork.com\u002Ffl\u002Frayhan1\n  * License:           GPL-2.0+\n@@ -19,7 +19,7 @@\n add_action('init', function () {\n     load_plugin_textdomain('wp-to-html', false, dirname(plugin_basename(__FILE__)) . '\u002Flanguages');\n });\n-define('WP_TO_HTML_VERSION', '6.0.0');\n+define('WP_TO_HTML_VERSION', '6.0.1');\n define('WP_TO_HTML_PATH', plugin_dir_path(__FILE__));\n define('WP_TO_HTML_URL', plugin_dir_url(__FILE__));\n define('WP_TO_HTML_EXPORT_DIR', WP_CONTENT_DIR . '\u002Fwp-to-html-exports');","The exploit involves leveraging the lack of nonce (CSRF token) validation in the plugin's administrative request handlers. An attacker can craft a malicious web page that automatically submits a POST or GET request to the WordPress admin panel (e.g., via a hidden form or background script). If a site administrator visits this malicious page while logged in, their browser will automatically include their session cookies, causing the WordPress site to execute sensitive actions—such as starting a full site export or changing plugin settings—under the administrator's authority without their knowledge or consent.","gemini-3-flash-preview","2026-06-04 21:16:57","2026-06-04 21:18:44",{"type":36,"vulnerable_version":37,"fixed_version":11,"vulnerable_browse":38,"vulnerable_zip":39,"fixed_browse":40,"fixed_zip":41,"all_tags":42},"plugin","6.0.0","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fexport-wp-page-to-static-html\u002Ftags\u002F6.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexport-wp-page-to-static-html.6.0.0.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fexport-wp-page-to-static-html\u002Ftags\u002F6.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexport-wp-page-to-static-html.6.0.1.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fexport-wp-page-to-static-html\u002Ftags"]