CVE-2020-11727

Reflected cross-site scripting in Advanced Order Export for WooCommerce by AlgolPlus | The Missing Link

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

A reflected cross-site scripting (XSS) vulnerability in the WordPress AlgolPlus Advanced Order Export for WooCommerce plugin 3.1.3 allows remote attackers to inject arbitrary JavaScript or HTML via the view/settings-form.php woe_post_type parameter.

Successful exploitation of this issue may allow an attacker to perform unauthorised actions in the user’s security context.

Affected Versions

Discovered in: 3.1.3

 

Fixed Versions

Fixed in: 3.1.4

Latest News

5 Microsoft Power Platform Benefits That Will Transform Your Business

5 Key Takeaways from Early Adopters of Microsoft 365 Copilot

The Missing Link is recognised as Premier Service Delivery Partner by Netskope

See All News