WordPress Plugin Vulnerabilities

WooCommerce – Store Exporter < 2.7.1 - Reflected Cross-Site Scripting (XSS)

Description

The plugin was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.

Proof of Concept

Affects Plugins

Plugin icon
woocommerce-exporter
Fixed in 2.7.1

References

CVE
CVE-2022-0149
URL
https://plugins.trac.wordpress.org/changeset/2654545/woocommerce-exporter

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
e47c288a-2ea3-4926-93cc-113867cbc77c

Timeline

Publicly Published
2022-01-10 (about 3 years ago)
Added
2022-01-10 (about 3 years ago)
Last Updated
2022-04-12 (about 3 years ago)

Other

Published
Title
Published
2024-03-26
Title
Elementor Website Builder Pro < 3.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload
Published
2024-11-01
Title
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) < 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate
Published
2023-02-15
Title
FireCask Like & Share Button < 1.2 - Admin+ Stored XSS
Published
2024-07-09
Title
ConeBlog – WordPress Blog Widgets < 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-05-22
Title
Butcher <= 2.40 - Reflected Cross-Site Scripting