This vulnerability (CVE-2024-31266) in AlgolPlus Advanced Order Export For WooCommerce is classified as CWE-94, indicating improper control of code generation leading to code injection. It affects all versions up to 3.4.4. An attacker with high privileges can exploit this flaw remotely over the network without user interaction, resulting in complete compromise of the affected system. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) reflects network attack vector, low attack complexity, required high privileges, no user interaction, and a scope change with high impact on confidentiality, integrity, and availability. No patch or official fix has been published yet.

Successful exploitation allows an attacker with high privileges to inject and execute arbitrary code remotely, potentially leading to full system compromise including unauthorized data access, modification, and service disruption. The vulnerability impacts confidentiality, integrity, and availability at a critical level.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected plugin to trusted administrators only and monitor for suspicious activity. Avoid exposing the plugin to untrusted networks. Do not assume the vulnerability is mitigated without vendor confirmation.