WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Advanced Order Export For WooCommerce < 3.3.2 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting

Affects Plugins

woo-order-export-lite
Fixed in version 3.3.2

References

CVE
CVE-2022-35275

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Lucio Sá

Verified

No

WPVDB ID
9e4c6ae1-e448-4f6f-9e14-65f0e7f8c9be

Timeline

Publicly Published

2022-08-25 (about 5 months ago)

Added

2022-09-15 (about 4 months ago)

Last Updated

2022-09-15 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin