WordPress Plugin Vulnerabilities

OPSI Israel Domestic Shipments <= 2.8.2 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
woo-ups-pickup
No known fix

References

CVE
CVE-2025-23766
URL
https://patchstack.com/database/wordpress/plugin/woo-ups-pickup/vulnerability/wordpress-opsi-israel-domestic-shipments-plugin-2-6-3-broken-access-control-vulnerability?_s_id=cve

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Kévin Mosbahi (Mika)
Verified
No
WPVDB ID
220c85d3-83c5-4109-8ded-be430ca29022

Timeline

Publicly Published
2025-01-16 (about 1 year ago)
Added
2025-02-19 (about 1 year ago)
Last Updated
2026-01-22 (about 1 month ago)

Other

Published
Title
Published
2025-03-04
Title
JNews - WordPress Newspaper Magazine Blog AMP Theme < 11.6.7 - Unauthorized User Registration
Published
2023-12-06
Title
System Dashboard < 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)
Published
2025-04-01
Title
OpenAI Tools for WordPress & WooCommerce <= 2.1.5 - Missing Authorization
Published
2025-03-11
Title
SecuPress Free < 2.3 - Missing Authorization
Published
2026-01-13
Title
Reservation <= 1.7 - Missing Authorization to Unauthenticated Settings Update