6.1
CVE-2021-24169
- EPSS 2.37%
- Veröffentlicht 05.04.2021 19:15:15
- Zuletzt bearbeitet 21.11.2024 05:52:30
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAdvanced Order Export For WooCommerce <= 3.1.7 - Reflected Cross-Site Scripting
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.
Mögliche Gegenmaßnahme
Advanced Order Export For WooCommerce: Update to version 3.1.8, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Advanced Order Export For WooCommerce
Version
* - 3.1.7
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Algolplus ≫ Advanced Order Export For Woocommerce SwPlatformwordpress Version < 3.1.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.37% | 0.844 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.