CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-11727 – Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11727
08 Apr 2020 — A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin AlgolPlus Advanced Order Export For WooCommerce versión 3.1.3, para WordPress, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro woe_post_type del archivo view/s... • https://packetstorm.news/files/id/157557 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 2CVE-2018-11525 – Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection
https://notcve.org/view.php?id=CVE-2018-11525
19 Jun 2018 — The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. El plugin "Advanced Order Export For WooCommerce" para WordPress (versiones 1.5.4 y anteriores) es vulnerable a una inyección de CSV. WordPress Advanced Order Export for WooCommerce plugins versions prior to 1.5.4 suffer from a CSV injection vulnerability. • https://packetstorm.news/files/id/148297 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •