cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches fororder-import-export-for-woocommerce order-import-export-for-woocommerce

Direction: ascending
Jun 07, 2024

Order Export & Order Import for WooCommerce # CVE-2024-34751

CVE, Research URL

CVE-2024-34751

Home page URL

Security reports for Order Export & Order Import for WooCommerce

Application

Order Export & Order Import for WooCommerce

Date
May 16, 2024
Research Description
Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9.
Affected versions
Min -, max -.
Status
vulnerable

Order Export & Order Import for WooCommerce # e630d9fd8a63e18450e3395523b08dbcbb398f4d

CVE, Research URL

e630d9fd8a63e18450e3395523b08dbcbb398f4d

Home page URL

Security reports for Order Export & Order Import for WooCommerce

Application

Order Export & Order Import for WooCommerce

Date
Mar 11, 2020
Research Description
Order Export &amp; Order Import for WooCommerce [order-import-export-for-woocommerce] < 1.0.9 (closed) WordPress Order Export & Order Import for WooCommerce plugin <= 1.6.0 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability discovered by WordFence in WordPress Order Export & Order Import for WooCommerce plugin (versions <= 1.6.0).
Affected versions
Min -, max -.
Status
vulnerable

Order Export &amp; Order Import for WooCommerce # CVE-2024-22135

CVE, Research URL

CVE-2024-22135

Home page URL

Security reports for Order Export &amp; Order Import for WooCommerce

Application

Order Export &amp; Order Import for WooCommerce

Date
Jan 24, 2024
Research Description
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3.
Affected versions
Min -, max -.
Status
vulnerable
Mar 21, 2025

Order Export &amp; Order Import for WooCommerce # CVE-2024-13921

CVE, Research URL

CVE-2024-13921

Home page URL

Security reports for Order Export &amp; Order Import for WooCommerce

Application

Order Export &amp; Order Import for WooCommerce

Date
Mar 20, 2025
Research Description
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
Affected versions
Min -, max -.
Status
vulnerable

Order Export &amp; Order Import for WooCommerce # CVE-2024-13922

CVE, Research URL

CVE-2024-13922

Home page URL

Security reports for Order Export &amp; Order Import for WooCommerce

Application

Order Export &amp; Order Import for WooCommerce

Date
Mar 20, 2025
Research Description
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.
Affected versions
Min -, max -.
Status
vulnerable

Order Export &amp; Order Import for WooCommerce # CVE-2024-13923

CVE, Research URL

CVE-2024-13923

Home page URL

Security reports for Order Export &amp; Order Import for WooCommerce

Application

Order Export &amp; Order Import for WooCommerce

Date
Mar 20, 2025
Research Description
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
Min -, max -.
Status
vulnerable

Order Export &amp; Order Import for WooCommerce # CVE-2024-13920

CVE, Research URL

CVE-2024-13920

Home page URL

Security reports for Order Export &amp; Order Import for WooCommerce

Application

Order Export &amp; Order Import for WooCommerce

Date
Mar 20, 2025
Research Description
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information.
Affected versions
Min -, max -.
Status
vulnerable