The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-05-02T16:05:29
Updated: 2024-08-03T19:49:14.548Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-25002
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-05-02T16:15:07.973
Modified: 2024-11-21T05:54:09.977
Link: CVE-2021-25002
Redhat
No data.