WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting Vulnerability

🗓️ 07 May 2020 00:00:00Reported by Jack MisiuraType

zdt🔗 0day.today👁 41 Views

WordPress WooCommerce Advanced Order Export 3.1.3 XSS Vulnerabilit

Reporter	Title	Published	Views	Family All 17
CNVD	WordPress WooCommerce Advanced Order Export Cross-Site Scripting Vulnerability	7 May 202000:00	–	cnvd
CVE	CVE-2020-11727	6 May 202017:27	–	cve
Cvelist	CVE-2020-11727	6 May 202017:27	–	cvelist
EUVD	EUVD-2020-4069	7 Oct 202500:30	–	euvd
NVD	CVE-2020-11727	6 May 202018:15	–	nvd
OpenVAS	WordPress Advanced Order Export For WooCommerce Plugin < 3.1.4 XSS Vulnerability	7 May 202000:00	–	openvas
OSV	CVE-2020-11727	6 May 202018:15	–	osv
Packet Storm	WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting	5 May 202000:00	–	packetstorm
Patchstack	WordPress Advanced Order Export For WooCommerce plugin <= 3.1.3 - Authenticated Cross-Site Scripting (XSS) vulnerability	4 May 202000:00	–	patchstack
Prion	Cross site scripting	6 May 202018:15	–	prion

Product: WordPress WooCommerce - Advanced Order Export plugin.

Vendor Homepage: https://algolplus.com/plugins/downloads/advanced-order-export-for-woocommerce-pro/

Vulnerable Version: 3.1.3

Fixed Version: 3.1.4

CVE Number: CVE-2020-11727

Author: Jack Misiura from The Missing Link 


1. Vulnerability Description

 

The WordPress Advanced Order Export WooCommerce plugin does not sanitise the woe_post_type parameter which can be passed through in the URL, allowing for HTML or JavaScript injection.

 

2. PoC

 

On a WordPress installation with WooCommerce and a vulnerable Advanced Order Export plugin, issue the following request while logged in as Administrator:

https://wp-site/wp-admin/admin.php?page=wc-order-export&tab=export&woe_post_type=%22%3E%3Cscript%3Ealert(1);#segment=common

 

3. Solution

 

The vendor provides an updated version (3.1.4) which should be installed immediately.

#  0day.today [2020-07-19]  #

07 May 2020 00:00Current

6.3Medium risk

Vulners AI Score6.3

EPSS0.00484