ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Advanced Order Export For WooCommerce plugin <= 1.5.4 - CSV Injection vulnerability

Product
Advanced Order Export For WooCommerce
Description
CSV Injection vulnerability found by Bhushan Patil in WordPress Advanced Order Export For WooCommerce plugin (versions <= 1.5.4).
Solution
Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available version (at least 1.5.5).
Classification
Type Unknown
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-2018-11525
Versions
Affected In <= 1.5.4
Fixed In 1.5.5
Disclosure date
2018-06-22
Credits
Bhushan Patil
Submitter
ThreatPress