WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting

WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.


MD5 | 4d813f18afcf977d88533a85efc4c0bf

Title: Reflected XSS



Product: WordPress WooCommerce - Advanced Order Export plugin.



Vendor Homepage: https://algolplus.com/plugins/downloads/advanced-order-export-for-woocommerce-pro/



Vulnerable Version: 3.1.3



Fixed Version: 3.1.4



CVE Number: CVE-2020-11727



Author: Jack Misiura from The Missing Link



Website: https://www.themissinglink.com.au



Timeline:



2020-04-08 Disclosed to Vendor

2020-04-08 Vendor sends fix for testing

2020-04-09 Fix confirmed

2020-04-28 Vendor publishes fix

2020-05-04 Publication



1. Vulnerability Description



The WordPress Advanced Order Export WooCommerce plugin does not sanitise the woe_post_type parameter which can be passed through in the URL, allowing for HTML or JavaScript injection.



2. PoC



On a WordPress installation with WooCommerce and a vulnerable Advanced Order Export plugin, issue the following request while logged in as Administrator:

https://wp-site/wp-admin/admin.php?page=wc-order-export&tab=export&woe_post_type=%22%3E%3Cscript%3Ealert(1);#segment=common



3. Solution



The vendor provides an updated version (3.1.4) which should be installed immediately.



4. Advisory URL



https://www.themissinglink.com.au/security-advisories

Related Posts