Protect Your WooCommerce Store: Order Export & Import Plugin Vulnerability Discovered

CVE: CVE-2024-22135
CVSS (v3.1): 8
Source: CVE-2024-22135

A critical vulnerability has been discovered in the Order Export & Import for WooCommerce plugin that could allow attackers to compromise WooCommerce stores.

The vulnerability, tracked as CVE-2024-22135, has a CVSS score of 8 because it allows unrestricted upload of dangerous file types. Attackers could use it to upload malicious files like PHP scripts or databases.

Order Export & Import for WooCommerce is a plugin that allows users to export and import orders from their WooCommerce store. However, versions 2.4.3 and below fail to properly restrict what file types can be uploaded. This opens the door for attackers to upload files that could take over the server or website.

If exploited, attackers could gain administrative access and full control over the store. They could then steal customer data, install malware, or use the site to launch other attacks.

All users of Order Export & Import for WooCommerce should update to version 2.4.4 or higher immediately; that release fixes the file upload vulnerability. Store owners should also ensure their servers and plugins are up to date to prevent compromise. Being vigilant about plugin and core updates is key to maintaining WooCommerce store security.
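To check a store against this advisory, the following added example (not code from the plugin or its vendor) reads the `Version:` line of a WordPress plugin header, compares it with the fixed release 2.4.4, and lists files in an uploads directory that carry a PHP-executable extension. The extension list, the function names and the sample data are assumptions made for illustration; point the functions at your own plugin file and uploads path.

```python
import os
import re
import tempfile

FIXED = (2, 4, 4)  # first fixed release, per the advisory above
# Assumed list of extensions a web server may execute as PHP; adjust to your config.
EXEC_EXT = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}

def parse_version(text):
    """Return the 'Version:' value of a WordPress plugin header as a tuple, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """True for 2.4.3 and below. An unreadable version is treated as vulnerable."""
    if version is None:
        return True
    padded = version + (0,) * (len(FIXED) - len(version))  # (2, 4) -> (2, 4, 0)
    return padded < FIXED

def suspicious_uploads(root):
    """List files under root with an executable extension anywhere in the name.

    Checking every dot-separated part also catches double extensions such as
    report.php.csv, which some handler configurations still execute.
    """
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            parts = name.lower().split(".")[1:]
            if any("." + p in EXEC_EXT for p in parts):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample data: a fake plugin header and a fake uploads tree.
    header = "<?php\n/*\n * Plugin Name: Example\n * Version: 2.4.3\n */\n"
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "2024", "01"))
        for n in ("orders.csv", "notes.php", "x.phtml.csv"):
            open(os.path.join(d, "2024", "01", n), "w").close()
        print("vulnerable:", is_vulnerable(parse_version(header)))
        print("flagged:", suspicious_uploads(d))
```

A flagged file is a lead to review, not proof of compromise; compare its timestamp and owner against known import activity before removing it.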
