MEDIUM
algolplus
CVE published 2026-06-18
CVE-2026-11360
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sort_direction' parameter in all versions up to, and including, 4.0.10. This vulnerability allows authenticated attackers with shop manager-level access and above to append additional SQL queries into existing queries, potentially leading to sensitive information extraction from the database.