Headline
CVE-2022-40128: WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download.
Verified
Fixed
CVSS 3.1 score: 4.3 (Medium severity)
Report
Monitoring: Not reported to be exploited
Vulnerable versions
<= 3.3.2
PSID
a89cac7d4579
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Publicly disclosed
2022-10-20
Details
Cross-Site Request Forgery (CSRF) vulnerability leading to export file download discovered by Lana Codes (Patchstack Alliance) in WordPress Advanced Order Export For WooCommerce plugin (versions <= 3.3.2).
Solution
Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available version (at least 3.3.3).