Title: Reflected XSS

 

Product: WordPress WooCommerce - Advanced Order Export plugin.

 

Vendor Homepage: https://algolplus.com/plugins/downloads/advanced-order-export-for-woocommerce-pro/

 

Vulnerable Version: 3.1.3

 

Fixed Version: 3.1.4

 

CVE Number: CVE-2020-11727

 

Author: Jack Misiura from The Missing Link 

 

Website: https://www.themissinglink.com.au

 

Timeline:

 

2020-04-08 Disclosed to Vendor

2020-04-08 Vendor sends fix for testing

2020-04-09 Fix confirmed

2020-04-28 Vendor publishes fix

2020-05-04 Publication

 

1. Vulnerability Description

 

The WordPress Advanced Order Export WooCommerce plugin does not sanitise the woe_post_type parameter which can be passed through in the URL, allowing for HTML or JavaScript injection.

 

2. PoC

 

On a WordPress installation with WooCommerce and a vulnerable Advanced Order Export plugin, issue the following request while logged in as Administrator:

https://wp-site/wp-admin/admin.php?page=wc-order-export&tab=export&woe_post_type=%22%3E%3Cscript%3Ealert(1);#segment=common

 

3. Solution

 

The vendor provides an updated version (3.1.4) which should be installed immediately.

 

4. Advisory URL

 

https://www.themissinglink.com.au/security-advisories