WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Advanced Order Export For WooCommerce < 3.1.8 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

This plugin helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel was vulnerable to authenticated reflected XSS.

Proof of Concept

wp-admin/admin.php?page=wc-order-export&tab=</script><script>alert(/XSS/)</script>

Affects Plugins

woo-order-export-lite
Fixed in version 3.1.8

References

CVE
CVE-2021-24169
URL
https://0xb9.blog/cross-site-scripting-fixed-in-advanced-order-export-for-woocommerce/

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

0xB9

Submitter twitter
0xB9sec
Verified

Yes

WPVDB ID
09681a6c-57b8-4448-982a-fe8d28c87fc3

Timeline

Publicly Published

2021-03-03 (about 1 years ago)

Added

2021-03-03 (about 1 years ago)

Last Updated

2021-05-13 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin