Skip to main content

Automated Fedex Live Manual Rates With Shipping Labels

1 CVEs product

Monthly

CVE-2026-25456 HIGH This Week

Unauthenticated access control bypass in Aarsiv Groups' a2z-fedex-shipping WordPress plugin (versions ≤5.1.8) allows remote attackers to exploit incorrectly configured authorization checks, enabling unauthorized viewing, modification, or disruption of FedEx shipping data and label generation. The vulnerability is categorized as automatable with partial technical impact per SSVC framework, though EPSS scoring indicates low observed exploitation probability (0.02%, 4th percentile). Patchstack reported this CWE-862 missing authorization flaw; no active exploitation confirmed via CISA KEV at time of analysis.

Authentication Bypass Automated Fedex Live Manual Rates With Shipping Labels
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
EPSS 0% CVSS 7.3
HIGH This Week

Unauthenticated access control bypass in Aarsiv Groups' a2z-fedex-shipping WordPress plugin (versions ≤5.1.8) allows remote attackers to exploit incorrectly configured authorization checks, enabling unauthorized viewing, modification, or disruption of FedEx shipping data and label generation. The vulnerability is categorized as automatable with partial technical impact per SSVC framework, though EPSS scoring indicates low observed exploitation probability (0.02%, 4th percentile). Patchstack reported this CWE-862 missing authorization flaw; no active exploitation confirmed via CISA KEV at time of analysis.

Authentication Bypass Automated Fedex Live Manual Rates With Shipping Labels
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy