Posti Shipping
by WordPress
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-56005 | Med | 0.42 | 6.5 | 0.00 | Dec 16, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping posti-shipping allows Cross Site Request Forgery.This issue affects Posti Shipping: from n/a through <= 3.10.3. | ||
| CVE-2024-50512 | Med | 0.34 | 5.3 | 0.00 | Oct 30, 2024 | Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping posti-shipping allows Retrieve Embedded Sensitive Data.This issue affects Posti Shipping: from n/a through <= 3.10.2. | ||
| CVE-2024-10832 | Med | 0.33 | 6.1 | 0.00 | Dec 4, 2024 | The Posti Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the account_number and secret_key parameters in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for… |
- risk 0.42cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping posti-shipping allows Cross Site Request Forgery.This issue affects Posti Shipping: from n/a through <= 3.10.3.
- risk 0.34cvss 5.3epss 0.00
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping posti-shipping allows Retrieve Embedded Sensitive Data.This issue affects Posti Shipping: from n/a through <= 3.10.2.
- risk 0.33cvss 6.1epss 0.00
The Posti Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the account_number and secret_key parameters in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for…