137 matches found
CVE-2020-36748
The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handleorderexport function. This makes it possible for unauthenticated attackers to trigger an order export via a forged...
CVE-2024-13921
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2024-13920
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents ...
CVE-2024-13923
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validatefile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...
CVE-2024-13920 Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents ...
WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function vulnerability
Directory Traversal to Authenticated Administrator+ Limited Arbitrary File Read via downloadfile Function vulnerability discovered by HayMiz in WordPress Plugin Order Export & Order Import for WooCommerce versions = 2.6.0...
WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability
Authenticated Admin+ PHP Object Injection via formdata Parameter vulnerability discovered by HayMiz in WordPress Plugin Order Export & Order Import for WooCommerce versions = 2.6.0...
WordPress plugin Order Export & Order Import for WooCommerce 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
WordPress plugin Order Export & Order Import for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
WordPress plugin Order Export & Order Import for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2024-54231
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anzar Ahmed Ni WooCommerce Order Export ni-woocommerce-order-export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through = 3.1.6...
CVE-2024-31266
Improper Control of Generation of Code 'Code Injection' vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4...
CVE-2024-22135
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3...
WordPress Order Export for WooCommerce plugin <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Order Export for WooCommerce versions = 3.24...
WordPress plugin Order Export for WooCommerce 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
PT-2025-2232 · WordPress · Order Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: Order Export for WooCommerce plugin for WordPress versions up to, and including, 3.24 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, which can contain...
CVE-2024-54231
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anzar Ahmed Ni WooCommerce Order Export ni-woocommerce-order-export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through = 3.1.6...
CVE-2024-54231 WordPress Ni WooCommerce Order Export plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anzar Ahmed Ni WooCommerce Order Export ni-woocommerce-order-export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through = 3.1.6...
CVE-2024-54231
CVE-2024-54231 refers to a WordPress vulnerability in the Ni WooCommerce Order Export plugin (versions
CVE-2024-54231 WordPress Ni WooCommerce Order Export plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anzar Ahmed Ni WooCommerce Order Export ni-woocommerce-order-export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through = 3.1.6...