WordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerability

CVE	CVE-2024-31266
State	PUBLISHED
Assigner	Patchstack
Source Priority	CVE Program / NVD first with legacy fallback
Published	2024-04-25 09:15:07 UTC
Updated	2026-04-28 19:24:19 UTC
Description	Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4.

Primary CVSS: v3.1 9.1 CRITICAL from [email protected]

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.005020000 probability, percentile 0.661140000 (date 2026-04-28)

Problem Types: CWE-94 | CWE-94 CWE-94 Improper Control of Generation of Code ('Code Injection')

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Secondary	9.1	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H`
3.1	CNA	CVSS	9.1	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H`

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Source	Vendor	Product	Version	Platforms
CNA	AlgolPlus	Advanced Order Export For WooCommerce	affected n/a 3.4.4 custom	Not specified
ADP	Algolplus	Advanced Order Export	affected 3.4.4 custom	Not specified

Reference	Source	Link	Tags
patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanc...	af854a3a-2127-422b-91ae-364da2661108	patchstack.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

CNA: movrment (Patchstack Alliance) (en)

CNA: Update to 3.4.5 or a higher version.

There are currently no legacy QID mappings associated with this CVE.