Skip to main content

Advanced Shipment Tracking For Woocommerce

2 CVEs product

Monthly

CVE-2026-57773 HIGH This Week

Blind SQL injection in the Zorem "Advanced Shipment Tracking for WooCommerce" WordPress plugin (all versions through 4.0) lets an authenticated high-privileged user inject SQL into a backend query and extract database contents inference by inference. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was disclosed via Patchstack. Because exploitation requires elevated WordPress privileges (CVSS PR:H), real-world risk is bounded to trusted-but-abusive or compromised admin/shop-manager accounts rather than anonymous internet attackers.

SQLi WordPress Advanced Shipment Tracking For Woocommerce
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2021-4347 CRITICAL POC Act Now

The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Advanced Shipment Tracking For Woocommerce
NVD
CVSS 3.1
9.9
EPSS
0.1%
EPSS 0% CVSS 7.6
HIGH This Week

Blind SQL injection in the Zorem "Advanced Shipment Tracking for WooCommerce" WordPress plugin (all versions through 4.0) lets an authenticated high-privileged user inject SQL into a backend query and extract database contents inference by inference. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was disclosed via Patchstack. Because exploitation requires elevated WordPress privileges (CVSS PR:H), real-world risk is bounded to trusted-but-abusive or compromised admin/shop-manager accounts rather than anonymous internet attackers.

SQLi WordPress Advanced Shipment Tracking For Woocommerce
NVD
EPSS 0% CVSS 9.9
CRITICAL POC Act Now

The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Advanced Shipment Tracking For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy