CVE-2024-13923

Summary

CVE-2024-13923 is a Server-Side Request Forgery (SSRF) vulnerability affecting the Order Export & Order Import plugin for WooCommerce on WordPress. This issue, which impacts versions up to and including 2.6.0, allows authenticated attackers with Administrator-level access or higher to issue web requests to arbitrary locations from the vulnerable application. By exploiting the vulnerability through the validate_file() function, attackers can gain unauthorized access to internal services and potentially modify information. This poses a significant risk to the confidentiality, integrity, and availability of data within the affected WordPress installation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.