Gls Shipping For Woocommerce
by WordPress
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-4107 | Med | 0.42 | 6.5 | 0.00 | Dec 19, 2022 | The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server | ||
| CVE-2026-6417 | Med | 0.33 | 6.1 | 0.00 | May 14, 2026 | The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-11842 | Med | 0.28 | 4.3 | 0.00 | Dec 27, 2024 | The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
- risk 0.42cvss 6.5epss 0.00
The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server
- risk 0.33cvss 6.1epss 0.00
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack