36 matches found
CVE-2026-25456
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through = 5.1....
EUVD-2026-15736
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through = 5.1....
CVE-2026-25456
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through = 5.1....
CVE-2026-25456
CVE-2026-25456 (A2Z FedEx shipping plugin for WordPress, a2z-fedex-shipping) is a Missing Authorization vulnerability affecting Automated FedEx live/manual rates with shipping labels up to version 5.1.8. Reported with CVSS v3.1 base score 7.5 (Network, High confidentiality impact, No availability...
CVE-2026-25456 WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through = 5.1....
WordPress plugin Automated FedEx live/manual rates with shipping labels 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by johska in WordPress Plugin Automated FedEx live/manual rates with shipping labels versions = 5.1.8...
CVE-2025-23903
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in woofx Local Shipping Labels for WooCommerce local-shipping-labels-for-woocommerce allows Reflected XSS.This issue affects Local Shipping Labels for WooCommerce: from n/a through = 1.0.0...
EUVD-2025-5677
Malicious code in bioql PyPI...
CVE-2025-23903
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in woofx Local Shipping Labels for WooCommerce local-shipping-labels-for-woocommerce allows Reflected XSS.This issue affects Local Shipping Labels for WooCommerce: from n/a through = 1.0.0...
CVE-2025-23903 WordPress Local Shipping Labels for WooCommerce Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in woofx Local Shipping Labels for WooCommerce local-shipping-labels-for-woocommerce allows Reflected XSS.This issue affects Local Shipping Labels for WooCommerce: from n/a through = 1.0.0...
CVE-2025-23903 WordPress Local Shipping Labels for WooCommerce Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in woofx Local Shipping Labels for WooCommerce local-shipping-labels-for-woocommerce allows Reflected XSS.This issue affects Local Shipping Labels for WooCommerce: from n/a through = 1.0.0...
CVE-2025-23903
CVE-2025-23903 is a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin Local Shipping Labels for WooCommerce (NotFound) affecting versions up to and including 1.0.0. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. CVS...
WordPress plugin Local Shipping Labels for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress WooCommerce PDF Invoices plugin <= 4.7.1 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by savphill in WordPress Plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels versions = 4.7.1...
WordPress Local Shipping Labels for WooCommerce Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Local Shipping Labels for WooCommerce versions = 1.0.0...
CVE-2024-6506
Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrwlog" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also...
CVE-2024-6506
CVE-2024-6506 affects MRW plugin version 5.4.3, specifically the mrw_log functionality. The exposed data includes other customers’ order information and sensitive fields such as names and phone numbers, with an ability to create or overwrite shipping labels. The CVSSv3.1 base score is 8.2 (HIGH) ...
CVE-2024-6506 Information exposure vulnerability in the MRW plug-in
Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrwlog" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also...
CVE-2024-6506 Information exposure vulnerability in the MRW plug-in
Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrwlog" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also...