Skip to main content

Colissimo Officiel

1 CVEs product

Monthly

CVE-2026-57341 MEDIUM This Month

Unauthenticated IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce (versions ≤ 2.9.0) exposes shipping-related backend objects to manipulation by remote, unauthenticated attackers. Missing server-side authorization on object lookups allows adversaries to reference records belonging to other users, producing low integrity and availability impacts on WooCommerce shipping data with no confidentiality breach. No public exploit code or active exploitation has been identified at time of analysis, and no patched version number was independently confirmed in the available intelligence.

Authentication Bypass WordPress Colissimo Officiel
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce (versions ≤ 2.9.0) exposes shipping-related backend objects to manipulation by remote, unauthenticated attackers. Missing server-side authorization on object lookups allows adversaries to reference records belonging to other users, producing low integrity and availability impacts on WooCommerce shipping data with no confidentiality breach. No public exploit code or active exploitation has been identified at time of analysis, and no patched version number was independently confirmed in the available intelligence.

Authentication Bypass WordPress Colissimo Officiel
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy