WordPress Plugin Vulnerabilities

Advanced Shipment Tracking for WooCommerce < 3.2.7 - Authenticated Options Change

Description

The plugin was vulnerable to Authenticated Options Change allowing authenticated users to update arbitrary WordPress options.

Affects Plugins

Plugin icon
woo-advanced-shipment-tracking
Fixed in 3.2.7

References

CVE
CVE-2021-4347
URL
https://blog.nintechnet.com/wordpress-advanced-shipment-tracking-for-woocommerce-fixed-critical-vulnerability/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
9.9 (critical)

Miscellaneous

Original Researcher
nintechnet
Verified
No
WPVDB ID
e04cc01d-2491-45e4-a366-0479a4626ed2

Timeline

Publicly Published
2021-07-26 (about 4 years ago)
Added
2021-07-26 (about 4 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2024-12-11
Title
KH Easy User Settings <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation
Published
2026-02-07
Title
JAY Login & Register < 2.6.04 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile
Published
2019-08-09
Title
ND Restaurant Reservations < 1.5 - Unauthenticated Options Change
Published
2020-03-25
Title
All-in-One WP Migration < 7.15 - Arbitrary Backup Download
Published
2020-01-01
Title
Import Users From CSV with Meta 1.15 - Unauthorised Authenticated Users Export