Code Injection Vulnerability Affects Advanced Order Export For WooCommerce
CVE-2024-31266

9.1 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 25 April 2024

Summary

The vulnerability in AlgolPlus Advanced Order Export for WooCommerce arises from improper controls over code generation, allowing for unauthorized code injection. This flaw potentially exposes systems to malicious code exploits, compromising the integrity and security of web applications utilizing this plugin. Affected users are advised to evaluate their plugin versions and implement security measures to mitigate possible threats. Immediate updates are recommended to safeguard against exploitation.

Affected Version(s)

Advanced Order Export For WooCommerce <= 3.4.4

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

movrment (Patchstack Alliance)