Directory Traversal Vulnerability in Order Export & Import Plugin for WooCommerce
CVE-2024-13920

4.9MEDIUM

Key Information:

Vendor: WordPress
Status: Order Export & Order Import For WooCommerce
Vendor: CVE Published:; 20 March 2025

What is CVE-2024-13920?

The Order Export & Order Import plugin for WooCommerce is susceptible to a Directory Traversal vulnerability that allows authenticated users with Administrator-level access to exploit the download_file() function. This vulnerability can be leveraged to access arbitrary log files on the server, potentially exposing sensitive information that could compromise the integrity and confidentiality of the system.

Affected Version(s)

Order Export & Order Import for WooCommerce * <= 2.6.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/order-import-e...

https://wordpress.org/plugins/users-customers-import-expo...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Mar 4, 2025

Credit

Hay Mizrachi

WordPress

What is CVE-2024-13920?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit