Security Advisory

CVE-2021-25002

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-05-02 16:05:29

Last updated 2024-08-03 19:49:14

Assigner WPScan

State PUBLISHED

Description

The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL

← Browse all CVEs View on cve.org ↗