WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.
4d813f18afcf977d88533a85efc4c0bf
Title: Reflected XSS
Product: WordPress WooCommerce - Advanced Order Export plugin.
Vendor Homepage: https://algolplus.com/plugins/downloads/advanced-order-export-for-woocommerce-pro/
Vulnerable Version: 3.1.3
Fixed Version: 3.1.4
CVE Number: CVE-2020-11727
Author: Jack Misiura from The Missing Link
Website: https://www.themissinglink.com.au
Timeline:
2020-04-08 Disclosed to Vendor
2020-04-08 Vendor sends fix for testing
2020-04-09 Fix confirmed
2020-04-28 Vendor publishes fix
2020-05-04 Publication
1. Vulnerability Description
The WordPress Advanced Order Export WooCommerce plugin does not sanitise the woe_post_type parameter which can be passed through in the URL, allowing for HTML or JavaScript injection.
2. PoC
On a WordPress installation with WooCommerce and a vulnerable Advanced Order Export plugin, issue the following request while logged in as Administrator:
https://wp-site/wp-admin/admin.php?page=wc-order-export&tab=export&woe_post_type=%22%3E%3Cscript%3Ealert(1);#segment=common
3. Solution
The vendor provides an updated version (3.1.4) which should be installed immediately.
4. Advisory URL
https://www.themissinglink.com.au/security-advisories