CVE-2020-11727

Reflected cross-site scripting in Advanced Order Export for WooCommerce by AlgolPlus | The Missing Link

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

A reflected cross-site scripting (XSS) vulnerability in the WordPress AlgolPlus Advanced Order Export for WooCommerce plugin 3.1.3 allows remote attackers to inject arbitrary JavaScript or HTML via the view/settings-form.php woe_post_type parameter.

Successful exploitation of this issue may allow an attacker to perform unauthorised actions in the user’s security context.

Affected Versions

Discovered in: 3.1.3

 

Fixed Versions

Fixed in: 3.1.4

Latest News

You’ve chosen a managed IT service provider – what comes next?

An inside look at The Missing Link internship experience

The Neural Link | Edition 1

See All News