Skip to content

Features
Pricing

Search

WordPress Plugin Vulnerabilities

WooCommerce - Store Exporter < 2.4 - CSV Injection

Description

A CSV Injection vulnerability was discovered in WooCommerce - Store Exporter v 2.3.1. It allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible command/code execution.

Affects Plugins

woocommerce-exporter

Fixed in 2.4

References

URL

https://fortiguard.com/zeroday/FG-VD-20-001

Miscellaneous

Original Researcher

Vishnupriya Ilango of Fortinet's FortiGuard Labs

Verified

No

WPVDB ID

3ecf4f18-13fe-4b1b-82a4-752f5eebc8e5

Timeline

Publicly Published

2020-01-09 (about 6 years ago)

Added

2020-01-09 (about 6 years ago)

Last Updated

2020-01-10 (about 6 years ago)

Other

Published

Title

Published

2014-08-01

Title

WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit

Published

2014-09-21

Title

MailPoet Newsletters 2.6.7 - helpers/back.php page Parameter Unspecified Issue

Published

2014-08-01

Title

Awake 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download

Published

2014-09-30

Title

BulletProof Security < .52.5 - Script Insertion

Published

2022-03-11

Title

WordPress < 5.9.2 - Prototype Pollution in jQuery

Vulnerabilities

WordPress
Plugins
Themes
Our Stats
Submit vulnerabilities

About

How it works
Pricing
WordPress plugin
Blog
Contact

For Developers

Status
API details
CLI scanner

Other

Privacy
Terms of service
Submission terms
Disclosure policy
Privacy Notice for California Users

In partnership with Jetpack

GitHub
Twitter
Facebook

An

endeavor

Subscribe Subscribed
- WPScan
- Already have a WordPress.com account? Log in now.