WordPress Plugin Vulnerabilities

Products & Order Export for WooCommerce < 2.0.9 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to missing capability checks on the alg_wc_export_admin_product_preview and alg_wc_export_admin_product_change_date_filter functions in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to export product features and change date filters.

Affects Plugins

Plugin icon
export-woocommerce
Fixed in 2.0.9

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/da1f68a5-8ca7-4744-9b73-09e767072885

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
51a943a2-10b8-4b1e-860c-ab5efc9edf3f

Timeline

Publicly Published
2024-01-10 (about 2 years ago)
Added
2024-03-13 (about 2 years ago)
Last Updated
2024-03-13 (about 2 years ago)

Other

Published
Title
Published
2026-02-03
Title
WP Job Portal < 2.4.5 - Missing Authorization
Published
2026-02-17
Title
Gutenberg Blocks with AI by Kadence WP < 3.6.2 - Contributor+ Unauthorized Media Upload
Published
2025-02-18
Title
Simple Photo Feed < 1.4.1 - Missing Authorization
Published
2025-01-15
Title
My Tickets < 2.0.10 - Missing Authorization
Published
2023-09-05
Title
Starter Templates <= 3.2.5 - Incorrect Authorization