2 matches found
CVE-2024-9377
CVE-2024-9377 affects the WordPress plugin Products, Order & Customers Export for WooCommerce (WooCommerce) up to version 2.0.15. It suffers a Reflected Cross-Site Scripting (XSS) flaw due to improper escaping in URL construction using add_query_arg and remove_query_arg, allowing unauthenticated ...
CVE-2024-9377 Products, Order & Customers Export for WooCommerce <= 2.0.15 - Reflected Cross-Site Scripting
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticat...