19 matches found
CVE-2024-9350
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchvalue' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2022-3999
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable...
CVE-2024-9350
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchvalue' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9350 DPD Baltic Shipping <= 1.2.83 - Reflected Cross-Site Scripting
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchvalue' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-9350
CVE-2024-9350 (DPD Baltic Shipping, WordPress) Reflected Cross-Site Scripting via the search_value parameter in all versions up to and including 1.2.83. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated attackers can inject scripts into pages that execute if...
WordPress plugin DPD Baltic Shipping Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...
WordPress DPD Baltic Shipping plugin <= 1.2.83 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin DPD Baltic Shipping versions <= 1.2.83...
PT-2024-39585 · WordPress · Dpd Baltic Shipping
Name of the Vulnerable Software and Affected Versions: DPD Baltic Shipping plugin for WordPress versions up to, and including, 1.2.83. Description: The issue is related to Reflected Cross-Site Scripting via the search value parameter due to insufficient input sanitization and output escaping. This...
WordPress DPD Baltic Shipping Plugin <= 1.2.83 is vulnerable to Cross Site Scripting (XSS)
Software: DPD Baltic Shipping; Type: Plugin; Vulnerable versions: <= 1.2.83; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9350; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 6c5aa369cd88; Credits: vgo0; Required...
CVE-2022-3999
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable...
Cross site request forgery (csrf)
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable...
CVE-2022-3999 WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable...
CVE-2022-3999
Affected software: DPD Baltic Shipping WordPress plugin. Vulnerable: versions prior to 1.2.57, due to missing authorization and CSRF protection in an AJAX action. Impact: any authenticated user (e.g., subscriber) could delete arbitrary options, potentially rendering the blog unavailable. Remediat...
CVE-2022-3999 WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable...
WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable. PoC: Run the below command in the developer console of the web browser while being on t...
WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable. Run the below command in the developer console of the web browser while being on the...
WooCommerce Shipping - DPD baltic < 1.2.11 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. Put the following payload in the Name field of...
WooCommerce Shipping - DPD baltic < 1.2.11 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC: Put the following payload in the Name field o...
WordPress WooCommerce Shipping - DPD baltic plugin <= 1.2.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress WooCommerce Shipping - DPD baltic plugin versions <= 1.2.8. Solution: Update the WordPress DPD Baltic Shipping plugin to the latest available version (at least 1.2.11)...