VYPR

Mimo Woocommerce Order Tracking

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-5768MedJun 19, 2024
    risk 0.42cvss 6.4epss 0.00

    The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimo_update_provider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers,…

  • CVE-2021-25062MedJan 24, 2022
    risk 0.33cvss 6.1epss 0.01

    The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

  • CVE-2024-5769MedJan 9, 2025
    risk 0.28cvss 4.3epss 0.00

    The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with…

  • CVE-2023-4216LowSep 4, 2023
    risk 0.18cvss 2.7epss 0.01

    The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content…