Wpcargo Track & Trace Security Vulnerabilities and Issues — Wpcargo Track & Trace CVE List

Lucene search

WptaskforceWpcargo Track & Trace

5 matches found

CVE•added 2022/03/14 3:15 p.m.•238 views

CVE-2021-25003

The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE

9.8CVSS9.6AI score0.91907EPSS

CVE•added 2022/05/16 3:15 p.m.•68 views

CVE-2022-1436

The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks.

6.1CVSS6.1AI score0.00199EPSS

CVE•added 2022/05/16 3:15 p.m.•61 views

CVE-2022-1435

The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

4.8CVSS4.9AI score0.00214EPSS

CVE•added 2024/09/17 11:15 p.m.•34 views

CVE-2024-44004

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through 7.0.6.

9.8CVSS9.9AI score0.00279EPSS

CVE•added 2024/12/13 3:15 p.m.•32 views

CVE-2024-54271

Missing Authorization vulnerability in WPTaskForce WPCargo Track & Trace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through 7.0.6.

5.4CVSS5.6AI score0.00068EPSS