3 matches found
CVE-2023-4471
The Order Tracking Pro WordPress plugin is vulnerable to Reflected Cross-Site Scripting via start_date and end_date in versions up to 3.3.6 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject web scripts into pages executed when a user is tr...
CVE-2023-4500
CVE-2023-4500 – Order Tracking Pro (WordPress) Affected: Order Tracking Pro plugin for WordPress (
CVE-2024-43343
CVE-2024-43343 affects the WordPress Order Tracking (Order Tracking – WordPress Status Tracking Plugin) up to version 3.3.12, with Missing Authorization due to ACL enforcement gaps enabling unauthorized access to certain functions. Root cause: lack of proper authorization checks in Order Tracking...