Vulnerabilities and security researches fororder-export-and-more-for-woocommerce order-export-and-more-for-woocommerce

Aug 16, 2024

CVE, Research URL: CVE-2024-43259
Home page URL: Security reports for Order Export for WooCommerce
Application: Order Export for WooCommerce
Date: Aug 27, 2024
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in JEM Plugins Order Export for WooCommerce.This issue affects Order Export for WooCommerce: from n/a through 3.23.
Affected versions: max 3.24.
Status: vulnerable

Feb 01, 2025

CVE, Research URL: CVE-2024-13623
Home page URL: Security reports for Order Export for WooCommerce
Application: Order Export for WooCommerce
Date: Jan 31, 2025
Research Description: The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain exported order information. The plugin is only vulnerable when 'Order data storage' is set to 'WordPress posts storage (legacy)', and cannot be exploited when the default option of 'High-performance order storage' is enabled.
Affected versions: max 3.25.
Status: vulnerable