Eshipper Commerce
Monthly
eShipper Commerce plugin versions up to 2.16.12 allow unauthenticated attackers to modify data through missing authorization checks on access control enforcement points. The vulnerability exposes WordPress sites running this e-commerce plugin to unauthorized state changes without requiring authentication, with a low EPSS exploitation probability (0.02% percentile 4%) suggesting limited real-world attack incentive despite the network-accessible attack vector.
eShipper Commerce plugin versions up to 2.16.12 allow unauthenticated attackers to modify data through missing authorization checks on access control enforcement points. The vulnerability exposes WordPress sites running this e-commerce plugin to unauthorized state changes without requiring authentication, with a low EPSS exploitation probability (0.02% percentile 4%) suggesting limited real-world attack incentive despite the network-accessible attack vector.