10 matches found
WordPress Tipsacarrier plugin access control error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
CVE-2021-25002
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client's full address, name and phone via tracking URL...
CVE-2021-25002
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client's full address, name and phone via tracking URL...
Code injection
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client's full address, name and phone via tracking URL...
CVE-2021-25002
CVE-2021-25002 affects the Tipsacarrier WordPress plugin prior to 1.5.0.5. The vulnerability is due to missing authorization checks in certain functions, allowing unauthenticated users to access orders data and potentially retrieve customer PII (full address, name, phone) via a tracking URL. Affe...
CVE-2021-25002 Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client's full address, name and phone via tracking URL...
PT-2022-9559 · WordPress · Tipsacarrier Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Tipsacarrier WordPress plugin versions prior to 1.5.0.5
Description: The issue concerns a lack of authorization checks in certain functions, allowing unauthenticated users to access Orders data. This could potentially be used to retrieve clie...
WordPress plugin Tipsacarrier security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
Tipsacarrier <= 1.4.4.2 - Unauthenticated SQLi
The plugin does not sanitise and escape various parameters before using them in SQL statements, and is lacking authorisation checks in some calls as well, leading to SQL Injection issues. Vendor was notified on November 26th, 2021, did not reply nor fix the issue. PoC. Affected files:...
Tipsacarrier <= 1.4.4.2 - Unauthenticated SQLi
The plugin does not sanitise and escape various parameters before using them in SQL statements, and is lacking authorisation checks in some calls as well, leading to SQL Injection issues. Vendor was notified on November 26th, 2021, did not reply nor fix the issue. Affected files:...