cleantalk
Vulnerabilities and Security Researches

Order Export & Order Import for WooCommerce, CVE-2024-13923

CVE, Research URL

CVE-2024-13923

Home page URL

Security reports for Order Export & Order Import for WooCommerce

Application

Order Export & Order Import for WooCommerce

Published on
Mar 20, 2025
Research Description
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
Min -, max 2.6.1.
Status
vulnerable
Previous vulnerability researches
Order Export & Order Import for WooCommerce (CVE-2024-13921) , Mar 21, 2025
Order Export & Order Import for WooCommerce (CVE-2024-13922) , Mar 21, 2025
Order Export & Order Import for WooCommerce (CVE-2024-13923) , Mar 21, 2025
Order Export & Order Import for WooCommerce (CVE-2024-13920) , Mar 21, 2025
Order Export & Order Import for WooCommerce (CVE-2024-34751) , Jun 07, 2024
New vulnerability
Bold Page Builder (CVE-2025-3715) , May 18, 2025
Wise Chat (CVE-2024-13613) , May 18, 2025
WP Booking Calendar (CVE-2025-4669) , May 18, 2025
WooCommerce POS (CVE-2025-48117) , May 18, 2025
BERTHA AI. Your AI co-pilot for WordPress and Chrome (CVE-2025-48138) , May 18, 2025