What is the CVSS score of CVE-2024-13922?

CVE-2024-13922 has a CVSS 3.1 base score of 2.7 (Low). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.3%.

Which versions of Order Export Order Import For Woocommerce are affected by CVE-2024-13922?

CVE-2024-13922 is a low-severity vulnerability in all (CVSS 2.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.. A patch is available.

How to fix or mitigate CVE-2024-13922?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

Order Export Order Import For Woocommerce CVE-2024-13922

LOW

External Control of File Name or Path (CWE-73)

2025-03-20 security@wordfence.com

WordPress Information Disclosure Order Export Order Import For Woocommerce

2.7

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

2.7 LOW

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:32 vuln.today

Patch released

Mar 28, 2026 - 18:32 nvd

Patch available

CVE Published

Mar 20, 2025 - 12:15 nvd

LOW 2.7

DescriptionCVE.org

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.

AnalysisAI

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-73. The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server. Affected products include: Webtoffee Order Export \& Order Import For Woocommerce.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-13922 vulnerability details – vuln.today

Back

Order Export Order Import For Woocommerce CVE-2024-13922

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code