CVE-2026-1582: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in soflyy WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel
The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using "magic hash" values when the expected MD5 hash prefix happens to be numeric-looking (matching pattern ^0e\d+$), allowing download of sensitive export files containing PII, business data, or database information.
AI Analysis
Technical Summary
The WP All Export plugin for WordPress contains a sensitive information exposure vulnerability (CWE-200) due to improper token validation in the export download endpoint. Specifically, the plugin uses a loose comparison operator (==) for verifying security tokens, which allows PHP type juggling attacks. When the expected MD5 hash prefix matches a pattern resembling a numeric value (e.g., ^0e\d+$), an attacker can craft a 'magic hash' to bypass authentication checks and download sensitive export files containing PII or other confidential data. This vulnerability affects all versions up to and including 1.4.14. The CVSS 3.1 base score is 3.7, reflecting low severity with network attack vector, high attack complexity, no privileges required, no user interaction, and limited confidentiality impact.
Potential Impact
An unauthenticated attacker can bypass the security token check due to a PHP type juggling vulnerability and download sensitive export files from the WP All Export plugin. The exposed data may include personally identifiable information, business data, or database contents. The impact is limited to confidentiality loss with no integrity or availability impact. The vulnerability has a low severity rating and no known active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the export download endpoint and monitor for unauthorized access attempts. Avoid relying on the affected plugin versions for sensitive data exports. Follow vendor updates closely for any released patches or official fixes.
CVE-2026-1582: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in soflyy WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel
Description
The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using "magic hash" values when the expected MD5 hash prefix happens to be numeric-looking (matching pattern ^0e\d+$), allowing download of sensitive export files containing PII, business data, or database information.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The WP All Export plugin for WordPress contains a sensitive information exposure vulnerability (CWE-200) due to improper token validation in the export download endpoint. Specifically, the plugin uses a loose comparison operator (==) for verifying security tokens, which allows PHP type juggling attacks. When the expected MD5 hash prefix matches a pattern resembling a numeric value (e.g., ^0e\d+$), an attacker can craft a 'magic hash' to bypass authentication checks and download sensitive export files containing PII or other confidential data. This vulnerability affects all versions up to and including 1.4.14. The CVSS 3.1 base score is 3.7, reflecting low severity with network attack vector, high attack complexity, no privileges required, no user interaction, and limited confidentiality impact.
Potential Impact
An unauthenticated attacker can bypass the security token check due to a PHP type juggling vulnerability and download sensitive export files from the WP All Export plugin. The exposed data may include personally identifiable information, business data, or database contents. The impact is limited to confidentiality loss with no integrity or availability impact. The vulnerability has a low severity rating and no known active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the export download endpoint and monitor for unauthorized access attempts. Avoid relying on the affected plugin versions for sensitive data exports. Follow vendor updates closely for any released patches or official fixes.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-01-29T00:43:49.262Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6995b46b80d747be206b616e
Added to database: 2/18/2026, 12:45:31 PM
Last enriched: 4/9/2026, 6:31:05 PM
Last updated: 5/21/2026, 12:52:37 PM
Views: 197
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.