WordPress EPROLO Dropshipping plugin <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Tracking Data Modification vulnerability discovered by Legion Hunter in WordPress Plugin EPROLO Dropshipping versions = 2.3.1...

CVE-2025-12133

The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpajaxeprolodeletetracking and wpajaxeprolosavetrackingdata AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for authenticated...

CVE-2025-12133

CVE-2025-12133 affects the EPROLO Dropshipping plugin for WordPress (versions up to 2.3.1). The issue is a missing capability check on two AJAX endpoints (wp_ajax_eprolo_delete_tracking and wp_ajax_eprolo_save_tracking_data), allowing authenticated users with Subscriber+ privileges to modify or d...

CVE-2025-12133 EPROLO Dropshipping <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification

The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpajaxeprolodeletetracking and wpajaxeprolosavetrackingdata AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for authenticated...

EUVD-2025-201370

The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpajaxeprolodeletetracking and wpajaxeprolosavetrackingdata AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for authenticated...

WordPress plugin EPROLO Dropshipping 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-49201

The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp ajax eprolo delete tracking and wp ajax eprolo save tracking data AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for...

EUVD-2024-31310

Malicious code in bioql PyPI...

CVE-2024-33573

Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1...

CVE-2024-33573

Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1...

CVE-2024-33573 WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1...

CVE-2024-33573

CVE-2024-33573 is a Missing Authorization vulnerability in the WordPress plugin EPROLO Dropshipping (through version 1.7.1). Public documents confirm the issue is caused by missing authorization checks, potentially allowing unauthorized access to restricted areas. The Red Hat advisory and PT-secu...

CVE-2024-33573 WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1...

WordPress plugin EPROLO Dropshipping 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-25342 · Eprolo · Eprolo Dropshipping

Name of the Vulnerable Software and Affected Versions: EPROLO Dropshipping versions through 1.7.1 Description: A Missing Authorization issue has been identified. This issue affects EPROLO Dropshipping, allowing potential unauthorized access. Recommendations: Update to a version later than 1.7.1 t...

EPROLO Dropshipping < 1.7.2 - Missing Authorization

Description The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eprolodisconnect, eproloreflsh, and eproloconnectkey functions in versions up to, and including, 1.7.1. This makes it possible for authenticated...

WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin EPROLO Dropshipping versions = 1.7.1...

WordPress EPROLO Dropshipping Plugin <= 1.7.1 is vulnerable to Broken Access Control

Software EPROLO Dropshipping Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33573 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d5b21a303f43 Credits Abdi Pranata Required...