Skip to main content

Dhl Ecommerce Benelux For Woocommerce

1 CVEs product

Monthly

CVE-2026-9235 MEDIUM This Month

Unauthorized shipping label manipulation in DHL eCommerce (Benelux) for WooCommerce versions up to 2.2.3 allows any authenticated WordPress user - down to Subscriber level - to create or delete DHL shipping labels for any WooCommerce order site-wide. The two vulnerable AJAX handlers lack both capability verification and nonce (CSRF token) checks, meaning the attacker-supplied order ID is acted upon without confirming the caller has order management rights. No public exploit is identified and this is not listed in CISA KEV, but the low authentication bar (any registered user) and operational impact on fulfillment make this a meaningful risk for Benelux e-commerce stores with open user registration.

Authentication Bypass WordPress Dhl Ecommerce Benelux For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM This Month

Unauthorized shipping label manipulation in DHL eCommerce (Benelux) for WooCommerce versions up to 2.2.3 allows any authenticated WordPress user - down to Subscriber level - to create or delete DHL shipping labels for any WooCommerce order site-wide. The two vulnerable AJAX handlers lack both capability verification and nonce (CSRF token) checks, meaning the attacker-supplied order ID is acted upon without confirming the caller has order management rights. No public exploit is identified and this is not listed in CISA KEV, but the low authentication bar (any registered user) and operational impact on fulfillment make this a meaningful risk for Benelux e-commerce stores with open user registration.

Authentication Bypass WordPress Dhl Ecommerce Benelux For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy