The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers (including those at customer level) to update any WordPress option in the database. Version 3.2.5 was initially released as a fix, but doesn't fully address the issue.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.9 |
References | () https://blog.nintechnet.com/wordpress-advanced-shipment-tracking-for-woocommerce-fixed-critical-vulnerability/ - Exploit | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/4174b47a-75d0-4ada-bd4d-efbaf0b1a049?source=cve - Third Party Advisory |
13 Jun 2023, 16:20
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Zorem advanced Shipment Tracking For Woocommerce
Zorem |
|
CPE | cpe:2.3:a:zorem:advanced_shipment_tracking_for_woocommerce:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/4174b47a-75d0-4ada-bd4d-efbaf0b1a049?source=cve - Third Party Advisory | |
References | (MISC) https://blog.nintechnet.com/wordpress-advanced-shipment-tracking-for-woocommerce-fixed-critical-vulnerability/ - Exploit |
07 Jun 2023, 02:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 02:15
Updated : 2024-11-21 06:37
NVD link : CVE-2021-4347
Mitre link : CVE-2021-4347
CVE.ORG link : CVE-2021-4347
JSON object : View
Products Affected
zorem
- advanced_shipment_tracking_for_woocommerce
CWE
CWE-862
Missing Authorization