2 matches found
CVE-2021-4347
Summary: The WordPress plugin Advanced Shipment Tracking for WooCommerce (versions up to 3.2.6) is vulnerable due to the function update_shipment_status_email_status_fun , which allows authenticated attackers (including at customer level) to update any WordPress option in the database. The issue ...
CVE-2022-41635
CVE-2022-41635 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress plugin “Zorem Advanced Shipment Tracking for WooCommerce” up to version 3.5.2. The issue enables CSRF in actions related to shipment tracking settings (per Patchstack entry), with a release fix noted in ve...