Lucene search
WPScanCVELIST:CVE-2021-25002HistoryMay 02, 2022 - 4:05 p.m.
CVE-2021-25002 Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure
2022-05-0216:05:29
CWE-862
WPScan
www.cve.org
0.003 Low
EPSS
Percentile
68.8%
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL
CNA Affected
[
{
"product": "Tipsacarrier",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.0.5",
"status": "affected",
"version": "1.5.0.5",
"versionType": "custom"
}
]
}
]Related
wpexploit
wpexploit
Tipsacarrier <= 1.4.4.2 - Unauthenticated Orders Disclosure
2022-04-05 00:00:00
cve
cve
CVE-2021-25002
2022-05-02 16:15:07
wpvulndb
wpvulndb
Tipsacarrier <= 1.4.4.2 - Unauthenticated Orders Disclosure
2022-04-05 00:00:00
cnvd
cnvd
WordPress Tipsacarrier plugin access control error vulnerability
2022-05-07 00:00:00
prion
prion
Code injection
2022-05-02 16:15:00
nvd
nvd
CVE-2021-25002
2022-05-02 16:15:07