CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46822 – WordPress WooCommerce – Store Exporter Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-46822
Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin <= 2.7.2 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en Visser Labs Store Exporter para WooCommerce: en los complementos Export Products, Export Orders, Export Subscriptions, and More en versiones <= 2.7.2. The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'filter' parameter in all versions up to, and including, 2.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woocommerce-exporter/wordpress-store-exporter-for-woocommerce-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0149 – WooCommerce – Store Exporter < 2.7.1 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-0149
The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page. El plugin de WordPress WooCommerce Stored Exporter anterior a la versión 2.7.1 estaba afectado por una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en la página de administración de woo_ce • https://plugins.trac.wordpress.org/changeset/2654545/woocommerce-exporter https://wpscan.com/vulnerability/e47c288a-2ea3-4926-93cc-113867cbc77c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10935 – WooCommerce – Store Exporter <= 1.8.3 - Missing Authorization
https://notcve.org/view.php?id=CVE-2016-10935
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. El plugin woocommerce-exportador antes de 1.8.4 para WordPress tiene una escalada de privilegios The WooCommerce – Store Exporter plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the woo_ce_admin_init function hooked via 'init' in versions up to, and including 1.8.3. This makes it possible for unauthenticated attackers to perform actions like exporting data that may contain sensitive information. • https://wordpress.org/plugins/woocommerce-exporter/#developers https://wpvulndb.com/vulnerabilities/9825 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •