WPFactory Products, Order & Customers Export for WooCommerce vulnerable to Reflected XSS
CVE-2024-43127

7.1HIGH

Key Information:

Vendor: WordPress
Status: Products, Order & Customers Export For WooCommerce
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-43127?

A vulnerability exists in WPFactory's Products, Order & Customers Export for WooCommerce plugin that allows for reflected cross-site scripting (XSS) attacks. This issue occurs due to improper sanitization of user inputs during web page generation. Attackers can exploit this vulnerability by crafting malicious links that, when visited by users, execute arbitrary JavaScript in their browsers. This could lead to unauthorized actions and data leakage, posing serious risks to website integrity and user information. Affected versions include those prior to 2.0.11.

Affected Version(s)

Products, Order & Customers Export for WooCommerce <= 2.0.11

References

https://patchstack.com/database/vulnerability/export-wooc...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024

Credit

Abdi Pranata (Patchstack Alliance)