Advanced Order Export For Woocommerce
Monthly
Stored/reflected Cross-Site Scripting in the Advanced Order Export For WooCommerce WordPress plugin (by AlgolPlus) affects all versions up to and including 4.0.9, letting a remote attacker inject script that executes in the browser of a victim who views attacker-controlled order/export data. The flaw carries a CVSS 7.1 rating driven by a scope change (attacker script runs outside the vulnerable component's security context) and requires victim interaction; there is no public exploit identified at time of analysis and it is not on the CISA KEV list.
SQL Injection in the Advanced Order Export For WooCommerce WordPress plugin (versions up to and including 4.0.10) allows authenticated shop managers to append arbitrary SQL to existing queries via the unsanitized 'sort_direction' parameter, enabling full read-access to the WordPress database. Wordfence confirmed the flaw, which is compounded by the plugin's deliberate stripping of WordPress magic quotes protection through stripslashes_deep(), permitting SQL metacharacters to reach the query context intact. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stored/reflected Cross-Site Scripting in the Advanced Order Export For WooCommerce WordPress plugin (by AlgolPlus) affects all versions up to and including 4.0.9, letting a remote attacker inject script that executes in the browser of a victim who views attacker-controlled order/export data. The flaw carries a CVSS 7.1 rating driven by a scope change (attacker script runs outside the vulnerable component's security context) and requires victim interaction; there is no public exploit identified at time of analysis and it is not on the CISA KEV list.
SQL Injection in the Advanced Order Export For WooCommerce WordPress plugin (versions up to and including 4.0.10) allows authenticated shop managers to append arbitrary SQL to existing queries via the unsanitized 'sort_direction' parameter, enabling full read-access to the WordPress database. Wordfence confirmed the flaw, which is compounded by the plugin's deliberate stripping of WordPress magic quotes protection through stripslashes_deep(), permitting SQL metacharacters to reach the query context intact. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.