VYPR

WPCargo Track & Trace

by WordPress

CVEs (6)

  • CVE-2021-25003CriMar 14, 2022
    risk 0.68cvss 9.8epss 0.56

    The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE

  • CVE-2024-44004CriSep 17, 2024
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.

  • CVE-2022-1436MedMay 16, 2022
    risk 0.40cvss 6.1epss 0.01

    The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks.

  • CVE-2024-54271MedDec 13, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.

  • CVE-2022-1435MedMay 16, 2022
    risk 0.31cvss 4.8epss 0.01

    The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

  • CVE-2025-31609MedMar 31, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.