WPCargo Track & Trace
by WordPress
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25003 | Cri | 0.68 | 9.8 | 0.56 | Mar 14, 2022 | The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE | ||
| CVE-2024-44004 | Cri | 0.60 | 9.3 | 0.00 | Sep 17, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2. | ||
| CVE-2022-1436 | Med | 0.40 | 6.1 | 0.01 | May 16, 2022 | The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks. | ||
| CVE-2024-54271 | Med | 0.35 | 5.4 | 0.00 | Dec 13, 2024 | Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2. | ||
| CVE-2022-1435 | Med | 0.31 | 4.8 | 0.01 | May 16, 2022 | The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||
| CVE-2025-31609 | Med | 0.28 | 4.3 | 0.00 | Mar 31, 2025 | Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2. |
- risk 0.68cvss 9.8epss 0.56
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
- risk 0.40cvss 6.1epss 0.01
The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
- risk 0.31cvss 4.8epss 0.01
The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.