3 matches found
CVE-2022-1436
The CVE-2022-1436 entry refers to the WPCargo Track & Trace WordPress plugin prior to version 6.9.5. The vulnerability is a reflected Cross-Site Scripting (XSS) flaw caused by the plugin not sanitising and escaping the wpcargo_tracking_number parameter before outputting it back in the page. This ...
CVE-2022-1435
CVE-2022-1435 affects the WordPress WPCargo Track & Trace plugin prior to 6.9.5. The vulnerability arises from insufficient sanitization/escaping of certain plugin settings, which could allow an authenticated high-privilege user (e.g., admin) to perform Cross-Site Scripting (XSS) attacks even whe...
CVE-2024-44004
CVE-2024-44004 affects WP cargo Track & Trace (WordPress) plugin versions up to and including 7.0.6. The vulnerability is an unauthenticated SQL Injection caused by improper neutralization of input in WPCargo Track & Trace, leading to potential remote database manipulation. Public disclosures in ...