Skip to main content

Shipment Tracker For Woocommerce

1 CVEs product

Monthly

CVE-2026-39540 MEDIUM This Month

Stored Cross-Site Scripting in the Shipment Tracker for WooCommerce WordPress plugin (versions up to and including 1.5.3.2) allows authenticated subscriber-level users to inject malicious scripts that execute in a privileged user's browser session. The CVSS scope-change flag (S:C) indicates the injected payload crosses into the administrator's browser context, enabling session hijacking, credential theft, or unauthorized admin actions. Reported by Patchstack with no public exploit code identified at time of analysis and no CISA KEV listing.

WordPress XSS Shipment Tracker For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored Cross-Site Scripting in the Shipment Tracker for WooCommerce WordPress plugin (versions up to and including 1.5.3.2) allows authenticated subscriber-level users to inject malicious scripts that execute in a privileged user's browser session. The CVSS scope-change flag (S:C) indicates the injected payload crosses into the administrator's browser context, enabling session hijacking, credential theft, or unauthorized admin actions. Reported by Patchstack with no public exploit code identified at time of analysis and no CISA KEV listing.

WordPress XSS Shipment Tracker For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy