Orders Tracking for WooCommerce < 1.1.10 – Reflected Cross-Site Scripting | CVE 2021-25062

Affects Plugins

woo-orders-tracking

Fixed in 1.1.10

References

CVE

CVE-2021-25062

URL

https://plugins.trac.wordpress.org/changeset/2643807

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.5 (high)

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

dc9a5d36-7453-46a8-a17f-712449d7987d

Timeline

Publicly Published

2021-12-27 (about 3 years ago)

Added

2021-12-27 (about 3 years ago)

Last Updated

2022-04-13 (about 3 years ago)

Other

Published

Title

Published

2023-12-19

Title

WooCommerce Menu Extension <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-12-20

Title

Event Calendar < 1.1.51 - Reflected Cross-Site Scripting

Published

2025-06-19

Title

RDFa Breadcrumb <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2025-10-05

Title

The7 < 12.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-08-28

Title

The Plus Addons for Elementor Page Builder Lite < 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting