Lucene search
China National Vulnerability DatabaseCNVD-2022-67549HistoryMay 07, 2022 - 12:00 a.m.
WordPress Tipsacarrier plugin access control error vulnerability
2022-05-0700:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
0.003 Low
EPSS
Percentile
68.8%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Tipsacarrier plugin version 1.4.4.2 and prior versions are vulnerable to an access control error that stems from a failure to perform any authorization checks. An unauthenticated attacker could use this vulnerability to access order data that could be used to retrieve a customer’s full address, name and phone number via a tracking URL.
| CPE | Name | Operator | Version |
|---|---|---|---|
| WordPress Tipsacarrier plugin <=1. | eq | 4.4.2 |
Related
wpexploit
wpexploit
Tipsacarrier <= 1.4.4.2 - Unauthenticated Orders Disclosure
2022-04-05 00:00:00
cve
cve
CVE-2021-25002
2022-05-02 16:15:07
cvelist
cvelist
CVE-2021-25002 Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure
2022-05-02 16:05:29
wpvulndb
wpvulndb
Tipsacarrier <= 1.4.4.2 - Unauthenticated Orders Disclosure
2022-04-05 00:00:00
prion
prion
Code injection
2022-05-02 16:15:00
nvd
nvd
CVE-2021-25002
2022-05-02 16:15:07