Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a through < 0.2.4.
AnalysisAI
Kargo Takip versions prior to 0.2.4 contain a missing authorization vulnerability that allows authenticated users to modify data or perform unauthorized actions due to improper access control enforcement. An attacker with valid credentials could exploit this weakness to manipulate shipment tracking information or other protected resources without proper privilege verification. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | While a CVSS score and vector are not provided, the CWE-862 classification combined with the 'Authentication Bypass' tag indicates this is a high-severity issue with direct exploitability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker navigates directly to a protected cargo tracking endpoint or admin function within the Kargo Takip plugin. Due to missing authorization checks, the plugin fails to validate the attacker's permissions and returns sensitive cargo tracking data or allows modification of tracking records. … |
| Remediation | Immediately upgrade the Kargo Takip plugin to version 0.2.4 or later from the official WordPress plugin repository or the vendor's distribution channel. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Kargo Takip
View allSame weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15687
GHSA-c33c-vr44-685c