CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40128 – WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-40128
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Advanced Order Export For WooCommerce de WordPress en versiones <= 3.3.2 que conduce a la descarga del archivo de exportación. The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the export download functionality. This makes it possible for unauthenticated attackers to execute this code on behalf of an administrator, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve https://wordpress.org/plugins/woo-order-export-lite • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35275 – WordPress Advanced Order Export For WooCommerce plugin <= 3.3.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-35275
Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado Autenticado (administrador de tienda+) en el plugin AlgolPlus Advanced Order Export For WooCommerce versiones anteriores a 3.3.1 incluyéndola, en WordPress The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘'method' parameter in versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-3-1-reflected-cross-site-scripting-xss-vulnerability/_s_id=cve https://wordpress.org/plugins/woo-order-export-lite • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2021-24169 – Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24169
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. Este plugin de WordPress Advanced Order Export For WooCommerce versiones anteriores a 3.1.8, le ayuda a exportar fácilmente los datos de pedidos de WooCommerce. El parámetro tab en el Admin Panel es vulnerable a un ataque de tipo XSS reflejado WordPress Advanced Order Export For WooCommerce plugin version 3.1.7 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/50324 http://packetstormsecurity.com/files/164263/WordPress-Advanced-Order-Export-For-WooCommerce-3.1.7-Cross-Site-Scripting.html https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27349 – Advanced Order Export for WooCommerce <= 3.1.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-27349
Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. Advanced Order Export versiones anteriores a 3.1.8, para WooCommerce permite un XSS, una vulnerabilidad diferente de CVE-2020-11727. • https://wordpress.org/plugins/woo-order-export-lite/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11727 – Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11727
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin AlgolPlus Advanced Order Export For WooCommerce versión 3.1.3, para WordPress, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro woe_post_type del archivo view/settings-form.php. WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/157557/WordPress-WooCommerce-Advanced-Order-Export-3.1.3-Cross-Site-Scripting.html https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/view/settings-form.php https://wordpress.org/plugins/woo-order-export-lite/#developers https://www.themissinglink.com.au/security-advisories-cve-2020-11727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •