WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Advanced Order Export For WooCommerce < 3.1.4 - Authenticated Cross-Site Scripting (XSS)

Description

The Advanced Order Export plugin for WooCommerce versions < 3.1.4 had a reflected XSS vulnerability due to lack of input sanitization on the woe_post_type parameter. This allowed arbitrary HTML and JavaScript injection and execution in the context of the logged in user.

Proof of Concept

On a WooCommerce installation with a vulnerable Advanced Order Export plugin (< 3.1.4), issue the following request while logged in as Administrator:

https://example.com/wp-admin/admin.php?page=wc-order-export&tab=export&woe_post_type=%22%3E%3Cscript%3Ealert(1);#segment=common

Affects Plugins

woo-order-export-lite
Fixed in version 3.1.4

References

CVE
CVE-2020-11727
URL
https://www.themissinglink.com.au/security-advisories-cve-2020-11727
URL
https://plugins.trac.wordpress.org/changeset/2283137/woo-order-export-lite

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Jack Misiura

Submitter

Jack Misiura

Submitter website
https://www.themissinglink.com.au
Verified

No

WPVDB ID
db7b6799-99fd-4376-8da4-84885d17b387

Timeline

Publicly Published

2020-05-04 (about 2 years ago)

Added

2020-05-04 (about 2 years ago)

Last Updated

2020-05-05 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin