Wpcargo Track Trace
Monthly
A missing authorization vulnerability exists in Arni Cinco WPCargo Track & Trace WordPress plugin through version 8.0.2, where incorrectly configured access control allows attackers to bypass authentication mechanisms and exploit sensitive functionality. This broken access control flaw (CWE-862) affects all installations of the plugin up to and including version 8.0.2, enabling unauthenticated or low-privileged attackers to access resources or perform actions they should not be permitted to execute. The vulnerability was reported by Patchstack and has been tracked under ENISA EUVD ID EUVD-2026-15715.
A missing authorization vulnerability exists in Arni Cinco WPCargo Track & Trace WordPress plugin through version 8.0.2, where incorrectly configured access control allows attackers to bypass authentication mechanisms and exploit sensitive functionality. This broken access control flaw (CWE-862) affects all installations of the plugin up to and including version 8.0.2, enabling unauthenticated or low-privileged attackers to access resources or perform actions they should not be permitted to execute. The vulnerability was reported by Patchstack and has been tracked under ENISA EUVD ID EUVD-2026-15715.