CVE-2022-35275 An authenticated Reflected XSS vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.3.1 or earlier.

The issue is a Reflected XSS, which can be exploited to inject malicious code or steal sensitive data. An attacker can exploit Reflected XSS to access or alter data in vulnerable installations, creating a danger to the security of the system or network.

AlgolPlus Advanced Order Export For WooCommerce plugin is prone to a Reflected XSS vulnerability. The standard version of the plugin is vulnerable to this issue, but the Shop Manager+ feature version is also at risk.

Raccoon is not vulnerable to Reflected XSS at the moment. The vendor acknowledged this vulnerability in September of 2018 and released version 3.3.1, which fixes the issue. You can update to this version as soon as possible. The standard version of the plugin is not vulnerable at the moment. However, it is recommended to update to version 3.3.1 as soon this issue has been fixed.

Description of Reflected XSS vulnerability

A reflected XSS vulnerability is a type of cross-site scripting vulnerability that is found in websites, applications, or plugins. When an attacker crafts a malicious web page with a URL that contains the name of an application, they can use this vulnerability to execute code on the vulnerable page. To exploit this vulnerability, an attacker will need to inject their own CSS style sheet into the HTML response of the vulnerable site. This causes the browser to render different code than the developer intended when rendering content on their website.

How does Reflected XSS work?

Reflected XSS is an attack that happens when the malicious user gets input from a victim, which is then executed as code on the server. This is often achieved through social engineering techniques, like when an attacker sends a link to a vulnerable site, tricking the victim into thinking it will be safe. The malicious code injects code into a vulnerable website.

Description of Reflected XSS

Reflected XSS is a form of Cross-site Scripting (XSS) that occurs when an attacker is able to inject malicious code or steal sensitive data from vulnerable installations. An attacker can exploit this vulnerability to access or alter data in vulnerable installations, creating a danger to the security of the system or network.

Timeline

Published on: 09/09/2022 15:15:00 UTC
Last modified on: 09/10/2022 03:53:00 UTC

References

• https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-3-1-reflected-cross-site-scripting-xss-vulnerability/_s_id=cve
• https://wordpress.org/plugins/woo-order-export-lite/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35275