11 matches found
EUVD-2026-43119
The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...
CVE-2026-8678
The CVE-2026-8678 entry concerns the WordPress MyParcel plugin and its versions up to 4.25.1. Affected component: the MyParcel plugin (WordPress). Root cause: missing authorization verification for certain AJAX actions (wcmp_get_shipment_options and wcmp_save_shipment_options). Impact: authentica...
CVE-2026-8678 MyParcel <= 4.25.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Data Disclosure and Modification via wcmp_get_shipment_options and wcmp_save_shipment_options AJAX Actions
The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...
EUVD-2024-50369
Malicious code in bioql PyPI...
CVE-2024-9608
The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-9608
The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-9608
CVE-2024-9608 refers to a Reflected Cross-Site Scripting vulnerability in the WordPress MyParcel plugin that uses add_query_arg without proper escaping, affecting all versions up to 4.24.1. Exploitation could occur when a user clicks a crafted link in a Belgium-configured WooCommerce store. The v...
CVE-2024-9608 MyParcel <= 4.24.1 - Reflected Cross-Site Scripting
The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-9608 MyParcel <= 4.24.1 - Reflected Cross-Site Scripting
The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
WordPress MyParcel plugin <= 4.24.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin MyParcel versions = 4.24.1...
WordPress plugin MyParcel 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...