WordPress Plugin Vulnerabilities

WooCommerce - Store Exporter < 2.4 - CSV Injection

Description

A CSV Injection vulnerability was discovered in WooCommerce - Store Exporter v 2.3.1. It allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible command/code execution.

Affects Plugins

woocommerce-exporter

Fixed in version 2.4

References

URL

https://fortiguard.com/zeroday/FG-VD-20-001

Classification

Type

UNKNOWN

Miscellaneous

Original Researcher

Vishnupriya Ilango of Fortinet's FortiGuard Labs

Verified

WPVDB ID

3ecf4f18-13fe-4b1b-82a4-752f5eebc8e5

Timeline

Publicly Published

2020-01-09 (about 3 years ago)

Added

2020-01-09 (about 3 years ago)

Last Updated

2020-01-10 (about 3 years ago)

Our Other Services

WPScan WordPress Security Plugin