EUVD-2026-39188

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

CVE-2026-9702

Summary : CVE-2026-9702 affects the InPost PL WordPress plugin prior to version 1.9.1. The vulnerability occurs because the plugin does not verify that a request originates from the legitimate buyer before updating the WooCommerce order parcel-locker destination. This allows unauthenticated attac...

EUVD-2024-47585

Malicious code in bioql PyPI...

CVE-2024-6500

The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parserequest' function in all versions up to, and including, 1.4.0 for InPost for WooCommerce as well as 1.4.4 for InPost PL...

WordPress InPost for WooCommerce plugin <= 1.4.0 - Unauthenticated Arbitrary File Read/Delete vulnerability

Unauthenticated Arbitrary File Read/Delete vulnerability discovered by 1337Wannabe in WordPress Plugin InPost for WooCommerce versions = 1.4.0...