CVE-2025-68011 WordPress GLS Shipping for WooCommerce plugin <= 1.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through = 1.4.0...

EUVD-2025-202008

Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through = 1.30.12...

CVE-2024-6566

The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.21. This is due the plugin not preventing direct access to the composer-setup.php file which also has displayerrors enabled. This makes it possible for...

CVE-2025-24553

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Akadrama Shipping with Venipak for WooCommerce wc-venipak-shipping allows Reflected XSS.This issue affects Shipping with Venipak for WooCommerce: from n/a through = 1.22.3...

CVE-2025-39564

CVE-2025-39564 is a CSRF vulnerability in the WordPress plugin Conditional Shipping for WooCommerce affecting versions up to 3.4.0. The available data cites a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). No exploit details or remediation are provided in the connected docs; p...

WordPress Aramex Shipping WooCommerce plugin <= 1.1.21 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Aramex Shipping WooCommerce versions = 1.1.21...

WordPress plugin Aramex Shipping WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin MultiParcels Shipping For WooCommerce SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

MultiParcels Shipping For WooCommerce < 1.15.4 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Note: The issue was fixed in 1.14.15 but re-introduced in 1.14.16 PoC Make a...

CVE-2022-4107

The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server...