CVE-2026-2696

Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure

CVSS 5.3 MEDIUMEPSS 0.3%CWE-200

The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can brute-force the filenames to gain access to sensitive data contained within the exported files.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Unknown · Export All URLs

public PoCs found — 1

cve_referencewpscan.com/vulnerability/55d627c1-ad05-4cd1-ae7b-932d84c19313/unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/55d627c1-ad05-4cd1-ae7b-932d84c19313/