Lucene search
K

11 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43119

The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

4.3CVSS6.2AI score0.00232EPSS
Exploits0References8
CVE
CVE
added 4 days ago11 views

CVE-2026-8678

The CVE-2026-8678 entry concerns the WordPress MyParcel plugin and its versions up to 4.25.1. Affected component: the MyParcel plugin (WordPress). Root cause: missing authorization verification for certain AJAX actions (wcmp_get_shipment_options and wcmp_save_shipment_options). Impact: authentica...

4.3CVSS6.2AI score0.00232EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-8678 MyParcel <= 4.25.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Data Disclosure and Modification via wcmp_get_shipment_options and wcmp_save_shipment_options AJAX Actions

The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

4.3CVSS0.00232EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-50369

Malicious code in bioql PyPI...

6.1CVSS8.9AI score0.00291EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:16 a.m.6 views

CVE-2024-9608

The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS5.6AI score0.00291EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 12:15 p.m.24 views

CVE-2024-9608

The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS0.00291EPSS
Exploits0References2
CVE
CVE
added 2024/12/13 11:23 a.m.44 views

CVE-2024-9608

CVE-2024-9608 refers to a Reflected Cross-Site Scripting vulnerability in the WordPress MyParcel plugin that uses add_query_arg without proper escaping, affecting all versions up to 4.24.1. Exploitation could occur when a user clicks a crafted link in a Belgium-configured WooCommerce store. The v...

6.1CVSS6AI score0.00291EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/13 11:23 a.m.11 views

CVE-2024-9608 MyParcel <= 4.24.1 - Reflected Cross-Site Scripting

The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS6.4AI score0.00291EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/13 11:23 a.m.19 views

CVE-2024-9608 MyParcel <= 4.24.1 - Reflected Cross-Site Scripting

The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS0.00291EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/13 5:13 a.m.5 views

WordPress MyParcel plugin <= 4.24.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin MyParcel versions = 4.24.1...

6.1CVSS6.3AI score0.00291EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.3 views

WordPress plugin MyParcel 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.1CVSS7.8AI score0.00291EPSS
Exploits0References2
Rows per page
Query Builder