Automated Fedex Live Manual Rates With Shipping Labels
Monthly
Unauthenticated access control bypass in Aarsiv Groups' a2z-fedex-shipping WordPress plugin (versions ≤5.1.8) allows remote attackers to exploit incorrectly configured authorization checks, enabling unauthorized viewing, modification, or disruption of FedEx shipping data and label generation. The vulnerability is categorized as automatable with partial technical impact per SSVC framework, though EPSS scoring indicates low observed exploitation probability (0.02%, 4th percentile). Patchstack reported this CWE-862 missing authorization flaw; no active exploitation confirmed via CISA KEV at time of analysis.
Unauthenticated access control bypass in Aarsiv Groups' a2z-fedex-shipping WordPress plugin (versions ≤5.1.8) allows remote attackers to exploit incorrectly configured authorization checks, enabling unauthorized viewing, modification, or disruption of FedEx shipping data and label generation. The vulnerability is categorized as automatable with partial technical impact per SSVC framework, though EPSS scoring indicates low observed exploitation probability (0.02%, 4th percentile). Patchstack reported this CWE-862 missing authorization flaw; no active exploitation confirmed via CISA KEV at time of analysis.