WordPress Plugin Vulnerabilities

Advanced Order Export For WooCommerce < 3.4.5 - Shop Manager+ Remote Code Execution

Description

The plugin is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.4. This makes it possible for authenticated attackers, with shop manager-level access and above, to execute code on the server.

Affects Plugins

Plugin icon
woo-order-export-lite
Fixed in 3.4.5

References

CVE
CVE-2024-31266
URL
https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-4-4-remote-code-execution-vulnerability

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
9.1 (critical)

Miscellaneous

Original Researcher
movrment
Verified
No
WPVDB ID
9e1bc030-8327-43a7-b872-70159b53a05d

Timeline

Publicly Published
2024-04-05 (about 2 years ago)
Added
2024-04-12 (about 2 years ago)
Last Updated
2024-04-12 (about 2 years ago)

Other

Published
Title
Published
2026-02-11
Title
TechOne <= 3.0.3 - Unauthenticated Arbitrary Shortcode Execution
Published
2024-04-17
Title
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.5.3 - Subscriber+ Remote Code Execution
Published
2024-04-25
Title
Customify Site Library <= 0.0.9 - Unauthenticated Remote Code Execution
Published
2022-05-18
Title
Member Hero <= 1.0.9 - Unauthenticated RCE
Published
2025-08-07
Title
Code Engine < 0.3.4 - Authenticated (Contributor+) Remote Code Execution