CVE-2026-39540

Subscriber Cross Site Scripting XSS in Shipment Tracker for Woocommerce = 1.5.3.2 versions...

CVE-2026-39540 WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Shipment Tracker for Woocommerce = 1.5.3.2 versions...

CVE-2026-39540

CVE-2026-39540 concerns WordPress plugin Shipment Tracker for Woocommerce (versions up to and including 1.5.3.2). The vulnerability is a Cross Site Scripting (XSS) issue in subscriber-facing context. Public sources indicate a CVSSv3.1 base score of 6.5 (Medium) with network attack vector, low att...

PT-2026-35640

Name of the Vulnerable Software and Affected Versions Shipment Tracker for Woocommerce versions prior to 1.5.3.3 Description A Cross Site Scripting XSS issue exists that allows users with the Subscriber role to execute malicious scripts in the context of the application. Recommendations Update to...

WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Shipment Tracker for Woocommerce versions = 1.5.3.2...

EUVD-2025-11602

Malicious code in bioql PyPI...

CVE-2025-24586

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bitsstech Shipment Tracker for Woocommerce shipment-tracker-for-woocommerce allows Reflected XSS.This issue affects Shipment Tracker for Woocommerce: from n/a through = 1.4.23...

CVE-2025-24586

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bitsstech Shipment Tracker for Woocommerce shipment-tracker-for-woocommerce allows Reflected XSS.This issue affects Shipment Tracker for Woocommerce: from n/a through = 1.4.23...

CVE-2025-24586 WordPress Shipment Tracker for Woocommerce plugin <= 1.4.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bitsstech Shipment Tracker for Woocommerce shipment-tracker-for-woocommerce allows Reflected XSS.This issue affects Shipment Tracker for Woocommerce: from n/a through = 1.4.23...

CVE-2025-24586 WordPress Shipment Tracker for Woocommerce plugin <= 1.4.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bitsstech Shipment Tracker for Woocommerce shipment-tracker-for-woocommerce allows Reflected XSS.This issue affects Shipment Tracker for Woocommerce: from n/a through = 1.4.23...

CVE-2025-24586

The CVE-2025-24586 entry concerns bitsstech Shipment Tracker for Woocommerce (WordPress plugin). Affected component: the Shipment Tracker for Woocommerce plugin, version range n/a through 1.4.23. Root cause: Improper Neutralization of Input During Web Page Generation, i.e., a Reflected XSS vulner...

PT-2025-17036 · Unknown · Bitsstech Shipment Tracker For Woocommerce

Name of the Vulnerable Software and Affected Versions: bitsstech Shipment Tracker for Woocommerce versions 1.4.23 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This means an...

WordPress plugin Shipment Tracker for Woocommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress Shipment Tracker for Woocommerce plugin <= 1.4.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thiennv in WordPress Plugin Shipment Tracker for Woocommerce versions = 1.4.23...