Exploitation Summary
CVE-2022-0149 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.
Nuclei Templates (1)
WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting
MEDIUMby dhiyaneshDk
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/e47c288a-2ea3-4926-93cc-113867cbc77c
Patch, Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2654545/woocommerce-exporter
Scores
CVSS v3
6.1
EPSS
0.0234
EPSS Percentile
81.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
visser/store_exporter_for_woocommerce
< 2.7.1
Published
Feb 07, 2022
Tracked Since
Feb 18, 2026