CVE-2021-24169 - OpenCVE

This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Algolplus	Advanced Order Export

Configuration 1 [-]

cpe:2.3:a:algolplus:advanced_order_export:*:*:*:*:*:wordpress:*:*

References

Link	Resource
http://packetstormsecurity.com/files/164263/WordPress-Advanced-Order-Export-For-WooCommerce-3.1.7-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2021-04-05T18:27:44

Updated: 2021-09-23T16:06:12

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24169

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-05T19:15:15.733

Modified: 2021-12-03T18:27:05.857

Link: CVE-2021-24169

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Advanced Order Export For WooCommerce", "vendor": "Unknown", "versions": [{"lessThan": "3.1.8", "status": "affected", "version": "3.1.8", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "0xB9"}], "descriptions": [{"lang": "en", "value": "This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-23T16:06:12", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/164263/WordPress-Advanced-Order-Export-For-WooCommerce-3.1.7-Cross-Site-Scripting.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24169", "STATE": "PUBLIC", "TITLE": "Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Advanced Order Export For WooCommerce", "version": {"version_data": [{"version_affected": "<", "version_name": "3.1.8", "version_value": "3.1.8"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "0xB9"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3"}, {"name": "http://packetstormsecurity.com/files/164263/WordPress-Advanced-Order-Export-For-WooCommerce-3.1.7-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/164263/WordPress-Advanced-Order-Export-For-WooCommerce-3.1.7-Cross-Site-Scripting.html"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24169", "datePublished": "2021-04-05T18:27:44", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2021-09-23T16:06:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:algolplus:advanced_order_export:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "83322B10-5D7D-4A9F-8D8E-146B97599AA5", "versionEndExcluding": "3.1.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS."}, {"lang": "es", "value": "Este plugin de WordPress Advanced Order Export For WooCommerce versiones anteriores a 3.1.8, le ayuda a exportar f\u00e1cilmente los datos de pedidos de WooCommerce. El par\u00e1metro tab en el Admin Panel es vulnerable a un ataque de tipo XSS reflejado"}], "id": "CVE-2021-24169", "lastModified": "2021-12-03T18:27:05.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-05T19:15:15.733", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/164263/WordPress-Advanced-Order-Export-For-WooCommerce-3.1.7-Cross-Site-Scripting.html"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}]}