The vulnerability is a Cross‑Site Request Forgery flaw in the Market Exporter plugin that allows an attacker to force a logged‑in administrator to perform unintended actions such as exporting data. The flaw is categorized as CWE‑352 and can lead to unauthorized data exposure or manipulation if an attacker can trick a privileged user into submitting a crafted request. The impact is primarily limited to users who have administrative privileges on the site. The description does not mention that arbitrary code execution or full system compromise is possible. Based on the description, the likely attack vector is through a malicious link or embed that the admin processes while authenticated.

The affected product is the WordPress Market Exporter plugin by Anton Vanyukov. Versions from an undefined minimum through 2.0.22 are vulnerable. No other vendors or products are listed. The issue is tied to the Market Exporter plugin only.

The CVSS score is 4.3, indicating moderate impact. The EPSS score of < 1% suggests a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Without an available exploit, the risk for a typical site is low, but because the flaw allows an attacker to perform actions on behalf of an admin, the potential to cause damage exists if an administrator is tricked into visiting a malicious URL. The attack does not require any special conditions beyond the presence of a logged‑in administrator with access to the plugin’s export functionality.