The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/smack_uci_uploads/exports/ directory which can contain information like exported user data.

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-12315. Reason: This candidate is a reservation duplicate of CVE-2024-12315. Notes: All CVE users should reference CVE-2024-12315 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.