CVE-2026-39079
An issue in PrestaShop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/ and /modules/upsshipping/lib/UPSBaseApi.php components...
EUVD-2026-30236
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-39672
The connected sources confirm CVE-2026-39672 relates to the WordPress plugin ShipTime: Discounted Shipping Rates (shiptime-discount-shipping) with a Broken Access Control (Missing Authorization) vulnerability affecting version
CVE-2026-25456 WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1....
WordPress plugin GLS Shipping for WooCommerce has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2023-45761
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii Sendle Shipping Plugin plugin <= 5.13 versions...
CVE-2025-62976 WordPress Sendle Shipping plugin <= 6.02 - Broken Access Control vulnerability
Missing Authorization vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sendle Shipping: from n/a through <= 6.02...
EUVD-2023-40463
Malicious code in bioql PyPI...
EUVD-2023-41747
Malicious code in bioql PyPI...
EUVD-2023-44033
Malicious code in bioql PyPI...
EUVD-2022-51476
Malicious code in bioql PyPI...
EUVD-2023-38139
Malicious code in bioql PyPI...
EUVD-2024-34338
Malicious code in bioql PyPI...
EUVD-2024-33538
Malicious code in bioql PyPI...
WordPress Sendle Shipping plugin <= 6.02 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Skalucy in WordPress Plugin Sendle Shipping versions <= 6.02...
CVE-2025-60139
CVE-2025-60139 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin official-sendle-shipping-method (Sendle Shipping). It affects Sendle Shipping versions from n/a up to and including 6.02. The associated CVSS 3.1 metrics indicate a Medium risk (4.3) with network attack ve...
CVE-2025-53213 WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping elex-reachship-multi-carrier-conditional-shipping allows Using Malicious Files. This issue affects ReachShip WooCommerce Multi-Carrier & Conditional Shipping: fr...
CVE-2024-9237
The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for...
CVE-2024-11815
The Pósturinn's Shipping with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the printedmarked and nonprintedmarked parameters in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-11842
The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...