Cross-Site Scripting Vulnerability in AlgolPlus Advanced Order Export for WooCommerce Plugin
CVE-2020-11727

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Advanced Order Export
Vendor
CVE Published:
6 May 2020

Summary

The AlgolPlus Advanced Order Export for WooCommerce plugin version 3.1.3 for WordPress contains a cross-site scripting (XSS) vulnerability. This allows remote attackers to exploit the view/settings-form.php file through the woe_post_type parameter, enabling the injection of arbitrary web scripts or HTML. Proper validation and sanitization measures are crucial to prevent such vulnerabilities from being exploited.

References

https://www.themissinglink.com.au/security-advisories-cve...
x_refsource_MISC
https://wordpress.org/plugins/woo-order-export-lite/#deve...
x_refsource_MISC
https://plugins.trac.wordpress.org/browser/woo-order-expo...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.