VYPR

Gls Shipping For Woocommerce

by WordPress

Source repositories

CVEs (3)

  • CVE-2022-4107MedDec 19, 2022
    risk 0.42cvss 6.5epss 0.00

    The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server

  • CVE-2026-6417MedMay 14, 2026
    risk 0.33cvss 6.1epss 0.00

    The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-11842MedDec 27, 2024
    risk 0.28cvss 4.3epss 0.00

    The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

VYPR — Vulnerability Intelligence