What is CVE-2021-24169?

CVE-2021-24169 is a medium-severity vulnerability in Algolplus Advanced_order_export_for_woocommerce, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2021-04-05.

How severe is CVE-2021-24169?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Is CVE-2021-24169 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Algolplus Advanced_order_export_for_woocommerce

CVE-2021-24169

This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.094 (94.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Algolplus Advanced_order_export_for_woocommerce
Unknown Advanced Order Export For Woocommerce — versions 3.1.8

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

References

contact@wpscan.com (x_refsource_CONFIRM, Exploit, Third Party Advisory)
contact@wpscan.com (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24169?: CVE-2021-24169 is a medium-severity vulnerability in Algolplus Advanced_order_export_for_woocommerce, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2021-04-05.
How severe is CVE-2021-24169?: Medium severity. CVSS v3 base score is 6.1 out of 10.
Is CVE-2021-24169 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.