Ni WooCommerce Order Export Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Ni WooCommerce Order Export plugin for WordPress, affecting all versions up to and including 3.1.6. The vulnerability arises from a lack of nonce validation in the 'ni_order_export_action' AJAX handler, which processes settings updates without verifying user capabilities. This flaw allows unauthenticated attackers to manipulate the plugin's settings by tricking an administrator into sending a forged request.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the plugin's settings, potentially allowing attackers to manipulate order export options or other related configurations.

Reproduction

To reproduce this vulnerability, an attacker must send a forged request to the 'ni_order_export_action' AJAX endpoint, including the 'page' parameter set to 'nioe-order-settings'. The request can be sent without a nonce, as none is required for validation. If successful, the request will update the 'ni_order_export_option' with the provided data, allowing the attacker to modify the plugin's settings.

Remediation

Users are advised to update to Ni WooCommerce Order Export version 3.1.6 or later, where this vulnerability has been patched.
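
The two checks the advisory describes as missing from the 'ni_order_export_action' handler (nonce validation and a capability check) look like this in a hardened handler. This is an added example, not the plugin's own code: the function name, the nonce action string, the `manage_options` capability choice and the `settings` POST field are assumptions.

```php
<?php
// Added example (not the plugin's code). Hypothetical nonce action string; the
// settings page must emit a nonce with wp_create_nonce( NIOE_EXAMPLE_NONCE )
// and send it back in the '_wpnonce' field.
const NIOE_EXAMPLE_NONCE = 'nioe_example_save_settings';

// Hook only wp_ajax_ (logged-in users); no wp_ajax_nopriv_ registration.
add_action( 'wp_ajax_ni_order_export_action', 'nioe_example_save_settings' );

function nioe_example_save_settings() {
    // 1. CSRF: a forged cross-site request cannot supply a valid nonce.
    //    With $stop = false, check_ajax_referer() returns false on failure.
    if ( ! check_ajax_referer( NIOE_EXAMPLE_NONCE, '_wpnonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    // 2. Authorization: a nonce proves intent, not privilege, so check both.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Only the settings page named in the advisory may write the option.
    $page = isset( $_POST['page'] ) ? sanitize_key( wp_unslash( $_POST['page'] ) ) : '';
    if ( 'nioe-order-settings' !== $page ) {
        wp_send_json_error( array( 'message' => 'Unexpected page.' ), 400 );
    }

    // 4. Sanitize before storing; 'settings' is an assumed field name.
    $raw = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? wp_unslash( $_POST['settings'] )
        : array();

    $clean = array();
    foreach ( $raw as $key => $value ) {
        if ( is_scalar( $value ) ) {
            $clean[ sanitize_key( $key ) ] = sanitize_text_field( (string) $value );
        }
    }

    update_option( 'ni_order_export_option', $clean );
    wp_send_json_success();
}
```

When reviewing a patched release, confirm that both checks run before any call to `update_option()` in the handler.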

Added: Apr 22, 2026, 9:51 AM
Updated: Apr 22, 2026, 9:51 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.2
remediation: 0.0
relevance: 6.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.