VYPR

Smsa Shipping Official

by WordPress

Source repositories

CVEs (2)

  • CVE-2024-12066HigDec 21, 2024
    risk 0.58cvss 8.8epss 0.01

    The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with…

  • CVE-2024-49249HigJan 7, 2025
    risk 0.56cvss 8.6epss 0.01

    Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal.This issue affects SMSA Shipping: from n/a through <= 2.3.