CVE-2021-24169

MEDIUM NUCLEI

Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting via Admin Panel Tab Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-24169. PoCs published by 0xB9. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates a reflected XSS vulnerability in the WordPress plugin Advanced Order Export For WooCommerce 3.1.7 via the 'tab' parameter in the admin panel. The PoC shows how an attacker can inject arbitrary JavaScript code.

Description

The Advanced Order Export For WooCommerce WordPress plugin helps you to easily export WooCommerce order data. In versions before 3.1.8, the tab parameter in the Admin Panel is vulnerable to reflected XSS.

Exploits (1)

exploitdb WORKING POC
by 0xB9 · text · webapps · php
https://www.exploit-db.com/exploits/50324

Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Advanced Order Export For WooCommerce 3.1.7
Auth required
Prerequisites: Access to the WordPress admin panel · Victim must click on a malicious link
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting
MEDIUM · VERIFIED · by r3Y3r53

Scores

CVSS v3 6.1
EPSS 0.0943
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1) algolplus/advanced_order_export_for_woocommerce < 3.1.8
Published Apr 05, 2021
Tracked Since Feb 18, 2026