Lucene search

WpvulndbWPVDB-ID:9E1BC030-8327-43A7-B872-70159B53A05D

HistoryApr 12, 2024 - 12:00 a.m.

Advanced Order Export For WooCommerce < 3.4.5 - Shop Manager+ Remote Code Execution

2024-04-1200:00:00

wpscan.com

remote code execution

woocommerce

shop manager access

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

EPSS

Percentile

9.0%

JSON

Description The plugin is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.4. This makes it possible for authenticated attackers, with shop manager-level access and above, to execute code on the server.

References

patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-4-4-remote-code-execution-vulnerability

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.9

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:9E1BC030-8327-43A7-B872-70159B53A05D