wpexploit | Jack Misiura | WPEX-ID: DB7B6799-99FD-4376-8DA4-84885D17B387
History: May 04, 2020 - 12:00 a.m.

Advanced Order Export For WooCommerce < 3.1.4 - Authenticated Cross-Site Scripting (XSS)


EPSS: 0.002 (percentile 61.4%)

The Advanced Order Export plugin for WooCommerce, in versions before 3.1.4, has a reflected cross-site scripting (XSS) vulnerability: the woe_post_type request parameter is written back into the export page's HTML without being sanitized or escaped. An attacker who gets a logged-in user to open a crafted wp-admin URL can inject arbitrary HTML and JavaScript that runs in that user's session, with whatever privileges that user has (an Administrator in the PoC below).

On a WordPress site running WooCommerce with a vulnerable version of Advanced Order Export (< 3.1.4), open the following URL while logged in as an Administrator. The woe_post_type value closes the attribute and element it is reflected into and appends a script tag; if the value is reflected unescaped, the alert(1) payload executes:

https://example.com/wp-admin/admin.php?page=wc-order-export&tab=export&woe_post_type=%22%3E%3Cscript%3Ealert(1);#segment=common
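The following Python is an added example, not the plugin's code or part of the original advisory. It decodes the woe_post_type value from the PoC URL, shows a hypothetical vulnerable rendering pattern (the value written raw into an attribute, which is what the leading %22%3E in the payload is built to break out of) next to the hardened form using attribute escaping (the equivalent of WordPress esc_attr()), and includes a small classifier that can be pointed at a real response body to tell an unescaped reflection from an escaped one. The markup, function names and sample bodies are constructed for illustration; the exact place the plugin reflected the parameter is not stated on this page.

```python
import html
from urllib.parse import unquote_plus, urlparse

# PoC URL from the advisory, used here as constructed sample input.
POC_URL = (
    "https://example.com/wp-admin/admin.php?page=wc-order-export"
    "&tab=export&woe_post_type=%22%3E%3Cscript%3Ealert(1);#segment=common"
)


def woe_post_type_from_url(url: str) -> str:
    """Return the decoded woe_post_type query value as the server sees it.

    The query is split on '&' only (not ';'), because the payload itself
    contains a ';' that must survive decoding intact.
    """
    for pair in urlparse(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == "woe_post_type":
            return unquote_plus(value)
    return ""


def render_vulnerable(woe_post_type: str) -> str:
    """Hypothetical vulnerable pattern (assumed, not the plugin's code):
    the raw request value is interpolated into an attribute value."""
    return f'<input type="hidden" name="woe_post_type" value="{woe_post_type}">'


def render_hardened(woe_post_type: str) -> str:
    """Same markup with the value escaped for an HTML attribute context.
    html.escape(quote=True) plays the role of WordPress esc_attr() here;
    note WordPress encodes a single quote as &#039; rather than &#x27;."""
    safe = html.escape(woe_post_type, quote=True)
    return f'<input type="hidden" name="woe_post_type" value="{safe}">'


def classify_reflection(body: str, value: str) -> str:
    """Classify how a submitted value came back in a response body.

    'unescaped' -> the exact value appears verbatim (exploitable reflection)
    'escaped'   -> only the attribute-escaped form appears (fixed behaviour)
    'absent'    -> the value was not reflected at all
    The 'escaped' check is exact for the PoC payload, which contains only
    '"', '<' and '>', and approximate for values containing single quotes.
    """
    if value in body:
        return "unescaped"
    if html.escape(value, quote=True) in body:
        return "escaped"
    return "absent"


def poc_breaks_out(body: str) -> bool:
    """True if the PoC's script tag landed in the body unencoded, i.e. the
    attribute and element were closed and a new <script> element started."""
    return "<script>alert(1);" in body


if __name__ == "__main__":
    value = woe_post_type_from_url(POC_URL)
    for label, page in (("vulnerable", render_vulnerable(value)),
                        ("hardened", render_hardened(value))):
        print(f"{label}: {classify_reflection(page, value)}, "
              f"script injected={poc_breaks_out(page)}")
```

To check a live target, fetch the PoC URL with an authenticated session and pass the response text to classify_reflection() together with the decoded payload; a result of "unescaped" means the fix is not in place, "escaped" is what a patched 3.1.4+ install should produce for this context.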
