VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 8 known issues Latest disclosed Nov 12, 2024

Advanced Order Export For WooCommerce Vulnerabilities

Review known vulnerability records for the WordPress plugin Advanced Order Export For WooCommerce (`woo-order-export-lite`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-10828, CVE-2024-31266 and CVE-2022-40128, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
8
High or Critical
4
Patch Coverage
100%
Last Updated
Nov 13, 2024
Priority CVE Quick Links

Fast paths into Advanced Order Export For WooCommerce CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
8
CVE-2024-31266 Critical 3.4.5
CVE-2024-31266 Advanced Order Export For WooCommerce Remote Code Execution

Advanced Order Export For WooCommerce <= 3.4.4 - Authenticated (Shop Manager+) Remote Code Execution

CVE-2022-40128 High 3.3.3
CVE-2022-40128 Advanced Order Export For WooCommerce Cross-Site Request Forgery

Advanced Order Export For WooCommerce <= 3.3.2 - Cross-Site Request Forgery

CVE-2024-10828 High 3.5.6
CVE-2024-10828 Advanced Order Export For WooCommerce Remote Code Execution

Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details

CVE-2018-11525 High 1.5.5
CVE-2018-11525 Advanced Order Export For WooCommerce Vulnerability

Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection

CVE-2021-27349 Medium 3.1.8
CVE-2021-27349 Advanced Order Export For WooCommerce Cross-Site Scripting

Advanced Order Export for WooCommerce <= 3.1.7 - Cross-Site Scripting

CVE-2022-35275 Medium 3.3.2
CVE-2022-35275 Advanced Order Export For WooCommerce Cross-Site Scripting

Advanced Order Export For WooCommerce <= 3.3.1 - Reflected Cross-Site Scripting

CVE-2021-24169 Medium 3.1.8
CVE-2021-24169 Advanced Order Export For WooCommerce Cross-Site Scripting

Advanced Order Export For WooCommerce <= 3.1.7 - Reflected Cross-Site Scripting

CVE-2020-11727 Medium 3.1.4
CVE-2020-11727 Advanced Order Export For WooCommerce Cross-Site Scripting

Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Advanced Order Export For WooCommerce so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
8 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 3 high severity findings.
Recent CVEs
CVE-2024-10828, CVE-2024-31266 and CVE-2022-40128
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Advanced Order Export For WooCommerce

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2024-10828
CVE-2024-10828: Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it...

Published
Nov 12, 2024
Patched Release
3.5.6
Affected Versions
Versions up to 3.5.5
Next Step
Update to 3.5.6 or newer if supported.
Open CVE-2024-10828 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-31266
CVE-2024-31266: Advanced Order Export For WooCommerce <= 3.4.4 - Authenticated (Shop Manager+) Remote Code Execution

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.4. This makes it possible for authenticated attackers, with shop manager-level access and above, to execute code on the server.

Published
Apr 05, 2024
Patched Release
3.4.5
Affected Versions
Versions up to 3.4.4
Next Step
Update to 3.4.5 or newer if supported.
Open CVE-2024-31266 Report Open CVE Reference
Plugin High Patched: Yes CVE-2022-40128
CVE-2022-40128: Advanced Order Export For WooCommerce <= 3.3.2 - Cross-Site Request Forgery

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the export download functionality. This makes it possible for unauthenticate...

Published
Oct 20, 2022
Patched Release
3.3.3
Affected Versions
Versions up to 3.3.2
Next Step
Update to 3.3.3 or newer if supported.
Open CVE-2022-40128 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-35275
CVE-2022-35275: Advanced Order Export For WooCommerce <= 3.3.1 - Reflected Cross-Site Scripting

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘'method' parameter in versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

Published
Aug 09, 2022
Patched Release
3.3.2
Affected Versions
Versions up to 3.3.1
Next Step
Update to 3.3.2 or newer if supported.
Open CVE-2022-35275 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24169
CVE-2021-24169: Advanced Order Export For WooCommerce <= 3.1.7 - Reflected Cross-Site Scripting

This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.

Published
Mar 03, 2021
Patched Release
3.1.8
Affected Versions
Versions up to 3.1.7
Next Step
Update to 3.1.8 or newer if supported.
Open CVE-2021-24169 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-27349
CVE-2021-27349: Advanced Order Export for WooCommerce <= 3.1.7 - Cross-Site Scripting

Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727.

Published
Feb 22, 2021
Patched Release
3.1.8
Affected Versions
Versions up to 3.1.7
Next Step
Update to 3.1.8 or newer if supported.
Open CVE-2021-27349 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2020-11727
CVE-2020-11727: Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting

A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter.

Published
Apr 08, 2020
Patched Release
3.1.4
Affected Versions
Versions before 3.1.4
Next Step
Update to 3.1.4 or newer if supported.
Open CVE-2020-11727 Report Open CVE Reference
Plugin High Patched: Yes CVE-2018-11525
CVE-2018-11525: Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection

The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.

Published
Jun 20, 2018
Patched Release
1.5.5
Affected Versions
Versions up to 1.5.4
Next Step
Update to 1.5.5 or newer if supported.
Open CVE-2018-11525 Report Open CVE Reference