Refine your search
2 vulnerabilities found for Order Export for WooCommerce by WebFactory
CVE-2024-13623 (GCVE-0-2024-13623)
Vulnerability from cvelistv5
Published
2025-01-31 06:40
Modified
2026-04-08 16:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain exported order information. The plugin is only vulnerable when 'Order data storage' is set to 'WordPress posts storage (legacy)', and cannot be exploited when the default option of 'High-performance order storage' is enabled.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| webfactory | Order Export for WooCommerce |
Version: 0 ≤ 3.24 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T19:29:10.588844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:35:38.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Order Export for WooCommerce",
"vendor": "webfactory",
"versions": [
{
"lessThanOrEqual": "3.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tim Coen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the \u0027uploads\u0027 directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain exported order information. The plugin is only vulnerable when \u0027Order data storage\u0027 is set to \u0027WordPress posts storage (legacy)\u0027, and cannot be exploited when the default option of \u0027High-performance order storage\u0027 is enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:37:42.691Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18d6dffd-8df3-4611-ad94-6d806aa7328a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/order-export-and-more-for-woocommerce/trunk/inc/JEMEXP_Order.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3230283/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Order Export for WooCommerce \u003c= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13623",
"datePublished": "2025-01-31T06:40:18.223Z",
"dateReserved": "2025-01-22T18:37:55.177Z",
"dateUpdated": "2026-04-08T16:37:42.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43259 (GCVE-0-2024-43259)
Vulnerability from cvelistv5
Published
2024-08-26 20:13
Modified
2026-04-01 15:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in WebFactory Order Export for WooCommerce order-export-and-more-for-woocommerce.This issue affects Order Export for WooCommerce: from n/a through <= 3.23.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WebFactory | Order Export for WooCommerce |
Version: 0 < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jem_plugins:order_expert_for_woocommerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "order_expert_for_woocommerce",
"vendor": "jem_plugins",
"versions": [
{
"lessThanOrEqual": "3.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T13:27:29.415264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T13:29:45.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "order-export-and-more-for-woocommerce",
"product": "Order Export for WooCommerce",
"vendor": "WebFactory",
"versions": [
{
"changes": [
{
"at": "3.24",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Chan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:27:11.403Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in WebFactory Order Export for WooCommerce order-export-and-more-for-woocommerce.\u003cp\u003eThis issue affects Order Export for WooCommerce: from n/a through \u003c= 3.23.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in WebFactory Order Export for WooCommerce order-export-and-more-for-woocommerce.This issue affects Order Export for WooCommerce: from n/a through \u003c= 3.23."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:34:46.985Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/order-export-and-more-for-woocommerce/vulnerability/wordpress-order-export-for-woocommerce-plugin-3-23-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "WordPress Order Export for WooCommerce plugin \u003c= 3.23 - Sensitive Data Exposure vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-43259",
"datePublished": "2024-08-26T20:13:24.582Z",
"dateReserved": "2024-08-09T09:20:48.470Z",
"dateUpdated": "2026-04-01T15:34:46.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}