Vulnerability Description
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Algolplus | Advanced Order Export For Woocommerce | 3.1.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/157557/WordPress-WooCommerce-Advanced-OrderExploitThird Party AdvisoryVDB Entry
- https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/view/settThird Party Advisory
- https://wordpress.org/plugins/woo-order-export-lite/#developersRelease NotesThird Party Advisory
- https://www.themissinglink.com.au/security-advisories-cve-2020-11727Third Party Advisory
- http://packetstormsecurity.com/files/157557/WordPress-WooCommerce-Advanced-OrderExploitThird Party AdvisoryVDB Entry
- https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/view/settThird Party Advisory
- https://wordpress.org/plugins/woo-order-export-lite/#developersRelease NotesThird Party Advisory
- https://www.themissinglink.com.au/security-advisories-cve-2020-11727Third Party Advisory
FAQ
What is CVE-2020-11727?
CVE-2020-11727 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view...
How severe is CVE-2020-11727?
CVE-2020-11727 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11727?
Check the references section above for vendor advisories and patch information. Affected products include: Algolplus Advanced Order Export For Woocommerce.