Woocommerce Dropshipping
Monthly
Broken authentication in WooCommerce Dropshipping plugin versions 5.2.4 and earlier allows unauthenticated remote attackers to bypass authentication controls via an alternate path or channel (CWE-288), yielding partial confidentiality and integrity impact on affected WordPress e-commerce installations. Reported by Patchstack, the flaw is confirmed at CVSS 6.5 Medium with a fully network-accessible, zero-complexity attack path requiring no privileges or user interaction. No public exploit code or CISA KEV listing exists at time of analysis, moderating real-world urgency despite the low exploitation barrier.
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Broken authentication in WooCommerce Dropshipping plugin versions 5.2.4 and earlier allows unauthenticated remote attackers to bypass authentication controls via an alternate path or channel (CWE-288), yielding partial confidentiality and integrity impact on affected WordPress e-commerce installations. Reported by Patchstack, the flaw is confirmed at CVSS 6.5 Medium with a fully network-accessible, zero-complexity attack path requiring no privileges or user interaction. No public exploit code or CISA KEV listing exists at time of analysis, moderating real-world urgency despite the low exploitation barrier.
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.