Reflected cross-site scripting in Advanced Order Export for WooCommerce by AlgolPlus | The Missing Link

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

A reflected cross-site scripting (XSS) vulnerability in the WordPress AlgolPlus Advanced Order Export for WooCommerce plugin 3.1.3 allows remote attackers to inject arbitrary JavaScript or HTML via the view/settings-form.php woe_post_type parameter.

Successful exploitation of this issue may allow an attacker to perform unauthorised actions in the user’s security context.

Affected Versions

Discovered in: 3.1.3


Fixed Versions

Fixed in: 3.1.4

Latest News