Описание
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.0.5 (исключая)
cpe:2.3:a:tipsacarrier_project:tipsacarrier:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 79%
0.01202
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL
EPSS
Процентиль: 79%
0.01202
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-862