CVSS: 8.1EPSS: 11%CPEs: 1EXPL: 0CVE-2024-10828 – Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details
https://notcve.org/view.php?id=CVE-2024-10828
12 Nov 2024 — The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is d... • https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/PHPExcel/Shared/XMLWriter.php#L83 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40128 – WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-40128
20 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Advanced Order Export For WooCommerce de WordPress en versiones <= 3.3.2 que conduce a la descarga del archivo de exportación. The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due t... • https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35275 – WordPress Advanced Order Export For WooCommerce plugin <= 3.3.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-35275
09 Aug 2022 — Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado Autenticado (administrador de tienda+) en el plugin AlgolPlus Advanced Order Export For WooCommerce versiones anteriores a 3.3.1 incluyéndola, en WordPress The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘'method' p... • https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-3-1-reflected-cross-site-scripting-xss-vulnerability/_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 4CVE-2021-24169 – Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24169
03 Mar 2021 — This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. Este plugin de WordPress Advanced Order Export For WooCommerce versiones anteriores a 3.1.8, le ayuda a exportar fácilmente los datos de pedidos de WooCommerce. El parámetro tab en el Admin Panel es vulnerable a un ataque de tipo XSS reflejado WordPress Advanced Order Export For WooCommerce plugin version 3.1.7 s... • https://packetstorm.news/files/id/164263 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27349 – Advanced Order Export for WooCommerce <= 3.1.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-27349
22 Feb 2021 — Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. Advanced Order Export versiones anteriores a 3.1.8, para WooCommerce permite un XSS, una vulnerabilidad diferente de CVE-2020-11727. • https://wordpress.org/plugins/woo-order-export-lite/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-11727 – Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11727
08 Apr 2020 — A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin AlgolPlus Advanced Order Export For WooCommerce versión 3.1.3, para WordPress, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro woe_post_type del archivo view/s... • https://packetstorm.news/files/id/157557 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 2CVE-2018-11525 – Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection
https://notcve.org/view.php?id=CVE-2018-11525
19 Jun 2018 — The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. El plugin "Advanced Order Export For WooCommerce" para WordPress (versiones 1.5.4 y anteriores) es vulnerable a una inyección de CSV. WordPress Advanced Order Export for WooCommerce plugins versions prior to 1.5.4 suffer from a CSV injection vulnerability. • https://packetstorm.news/files/id/148297 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •