Advanced Order Export For WooCommerce < 3.1.4 - Authenticated Cross-Site Scripting (XSS)



Description
The Advanced Order Export plugin for WooCommerce versions < 3.1.4 had a reflected XSS vulnerability due to lack of input sanitization on the woe_post_type parameter. This allowed arbitrary HTML and JavaScript injection and execution in the context of the logged in user.
Proof of Concept
On a WooCommerce installation with a vulnerable Advanced Order Export plugin (< 3.1.4), issue the following request while logged in as Administrator:

https://example.com/wp-admin/admin.php?page=wc-order-export&tab=export&woe_post_type=%22%3E%3Cscript%3Ealert(1);#segment=common

Affects Plugin

fixed in version 3.1.4

References

CVE 2020-11727
URL https://www.themissinglink.com.au/security-advisories-cve-2020-11727
URL https://plugins.trac.wordpress.org/changeset/2283137/woo-order-export-lite

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Jack Misiura
Submitter Jack Misiura
Submitter Website https://www.themissinglink.com.au
Views 1127
Verified No
WPVDB ID 10212

Timeline

Publicly Published 2020-05-04 (22 days ago)
Added 2020-05-04 (21 days ago)
Last Updated 2020-05-05 (20 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin