CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11727 – Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11727
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin AlgolPlus Advanced Order Export For WooCommerce versión 3.1.3, para WordPress, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro woe_post_type del archivo view/settings-form.php. WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/157557/WordPress-WooCommerce-Advanced-Order-Export-3.1.3-Cross-Site-Scripting.html https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/view/settings-form.php https://wordpress.org/plugins/woo-order-export-lite/#developers https://www.themissinglink.com.au/security-advisories-cve-2020-11727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11525 – Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection
https://notcve.org/view.php?id=CVE-2018-11525
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. El plugin "Advanced Order Export For WooCommerce" para WordPress (versiones 1.5.4 y anteriores) es vulnerable a una inyección de CSV. WordPress Advanced Order Export for WooCommerce plugins versions prior to 1.5.4 suffer from a CSV injection vulnerability. • https://www.exploit-db.com/exploits/44931 https://wordpress.org/plugins/woo-order-export-lite/#developers https://wpvulndb.com/vulnerabilities/9096 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •