Shiptime
Monthly
Missing authorization in ShipTime: Discounted Shipping Rates WordPress plugin (versions ≤1.1.1) allows unauthenticated remote attackers to access sensitive shipping rate information and configuration via incorrectly configured access control, resulting in limited confidentiality compromise. CVSS 5.3 with 0.02% EPSS indicates low real-world exploitation probability despite network-accessible attack vector. CISA SSVC framework rates this as non-exploited with partial technical impact, suggesting this is a configuration weakness rather than an actively weaponized vulnerability.
Missing authorization in ShipTime: Discounted Shipping Rates WordPress plugin (versions ≤1.1.1) allows unauthenticated remote attackers to access sensitive shipping rate information and configuration via incorrectly configured access control, resulting in limited confidentiality compromise. CVSS 5.3 with 0.02% EPSS indicates low real-world exploitation probability despite network-accessible attack vector. CISA SSVC framework rates this as non-exploited with partial technical impact, suggesting this is a configuration weakness rather than an actively weaponized vulnerability.