| |
Vulnerability CVE-2021-25002
Published: 2022-05-02
| Description: |
The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL |
Type:
CWE-862 (Missing Authorization)
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7c
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
