7 matches found
EUVD-2026-39188
The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...
CVE-2026-9702
The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...
CVE-2026-9702 InPost PL < 1.9.1 - Unauthenticated WooCommerce Order Parcel-Locker Hijacking
The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...
CVE-2026-9702
The CVE concerns the InPost PL WordPress plugin (before 1.9.1) failing to verify that a request to update the WooCommerce order parcel-locker destination originates from the legitimate buyer. This allows unauthenticated attackers to silently redirect the shipping destination of any pending or pro...
EUVD-2024-47585
Malicious code in bioql PyPI...
CVE-2024-6500
The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parserequest' function in all versions up to, and including, 1.4.0 for InPost for WooCommerce as well as 1.4.4 for InPost PL...
WordPress InPost for WooCommerce plugin <= 1.4.0 - Unauthenticated Arbitrary File Read/Delete vulnerability
Unauthenticated Arbitrary File Read/Delete vulnerability discovered by 1337Wannabe in WordPress Plugin InPost for WooCommerce versions = 1.4.0...