cleantalk
Vulnerabilities and Security Researches

Order Export & Order Import for WooCommerce, CVE-2024-13920

CVE, Research URL

CVE-2024-13920

Home page URL

Security reports for Order Export & Order Import for WooCommerce

Application

Order Export & Order Import for WooCommerce

Published on
Mar 20, 2025
Research Description
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information.
Affected versions
Min -, max 2.6.1.
Status
vulnerable
Previous vulnerability researches
Order Export & Order Import for WooCommerce (CVE-2024-13921) , Mar 21, 2025
Order Export & Order Import for WooCommerce (CVE-2024-13922) , Mar 21, 2025
Order Export & Order Import for WooCommerce (CVE-2024-13923) , Mar 21, 2025
Order Export & Order Import for WooCommerce (CVE-2024-13920) , Mar 21, 2025
Order Export & Order Import for WooCommerce (CVE-2024-34751) , Jun 07, 2024
New vulnerability
Bold Page Builder (CVE-2025-3715) , May 18, 2025
Wise Chat (CVE-2024-13613) , May 18, 2025
WP Booking Calendar (CVE-2025-4669) , May 18, 2025
WooCommerce POS (CVE-2025-48117) , May 18, 2025
BERTHA AI. Your AI co-pilot for WordPress and Chrome (CVE-2025-48138) , May 18, 2025