Lucene search
K

7 matches found

EUVD
EUVD
added 2026/06/25 9:31 a.m.4 views

EUVD-2026-39188

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

7.5CVSS5.9AI score0.00208EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 a.m.12 views

CVE-2026-9702

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

7.5CVSS0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:0 a.m.30 views

CVE-2026-9702 InPost PL < 1.9.1 - Unauthenticated WooCommerce Order Parcel-Locker Hijacking

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

0.00208EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 6:0 a.m.13 views

CVE-2026-9702

The CVE concerns the InPost PL WordPress plugin (before 1.9.1) failing to verify that a request to update the WooCommerce order parcel-locker destination originates from the legitimate buyer. This allows unauthenticated attackers to silently redirect the shipping destination of any pending or pro...

7.5CVSS5.9AI score0.00208EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-47585

Malicious code in bioql PyPI...

10CVSS6.5AI score0.00983EPSS
Exploits0References7
NVD
NVD
added 2024/08/17 3:15 a.m.27 views

CVE-2024-6500

The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parserequest' function in all versions up to, and including, 1.4.0 for InPost for WooCommerce as well as 1.4.4 for InPost PL...

10CVSS0.00983EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/08/16 6:42 p.m.5 views

WordPress InPost for WooCommerce plugin <= 1.4.0 - Unauthenticated Arbitrary File Read/Delete vulnerability

Unauthenticated Arbitrary File Read/Delete vulnerability discovered by 1337Wannabe in WordPress Plugin InPost for WooCommerce versions = 1.4.0...

10CVSS7AI score0.00983EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder