Algolplus

Advanced Order Export For Woocommerce

8 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-10828

  • EPSS 19.65%
  • Published 13.11.2024 04:15:04
  • Last modified 19.11.2024 17:41:59

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" op...

9.1

CVE-2024-31266

  • EPSS 0.5%
  • Published 25.04.2024 09:15:07
  • Last modified 21.11.2024 09:13:09

Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4.

6.5

CVE-2022-40128

  • EPSS 0.12%
  • Published 08.11.2022 19:15:13
  • Last modified 21.11.2024 07:20:55

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download.

4.8

CVE-2022-35275

  • EPSS 0.34%
  • Published 09.09.2022 15:15:10
  • Last modified 21.11.2024 07:11:01

Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress.

6.1

CVE-2021-24169

Exploit
  • EPSS 3.83%
  • Published 05.04.2021 19:15:15
  • Last modified 21.11.2024 05:52:30

This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.

6.1

CVE-2021-27349

  • EPSS 0.21%
  • Published 31.03.2021 22:15:14
  • Last modified 21.11.2024 05:57:49

Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727.

6.1

CVE-2020-11727

Exploit
  • EPSS 0.25%
  • Published 06.05.2020 18:15:11
  • Last modified 21.11.2024 04:58:29

A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter.

7.8

CVE-2018-11525

Exploit
  • EPSS 2.13%
  • Published 19.06.2018 19:29:00
  • Last modified 21.11.2024 03:43:32

The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.