Allows filtering of specific data types, such as skipping spam comments or post revisions to reduce file size.
This vulnerability involved the insecure deserialization of untrusted data within the WP Import Export Lite plugin. Attackers could exploit this flaw to achieve information disclosure, data tampering, or denial of service (DoS) conditions. The vulnerability affects versions from n/a through 3.9.26, making 3.9.27 also potentially susceptible. vj-wp-import-export.3.9.27.zip
User discussions from the time reveal several recurring issues with version 3.9.x: Allows filtering of specific data types, such as
For high-security environments, unzip the file locally and look for suspicious functions like eval( , base64_decode( , exec( , or remote file_get_contents() calls to external URLs. Allows filtering of specific data types