Search criteria
2 vulnerabilities found for Tipsacarrier by Unknown
CVE-2021-25002 (GCVE-0-2021-25002)
Vulnerability from nvd – Published: 2022-05-02 16:05 – Updated: 2024-08-03 19:49
VLAI
Title
Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure
Summary
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/b14f476e-3124-4c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Tipsacarrier |
Affected:
1.5.0.5 , < 1.5.0.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tipsacarrier",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.0.5",
"status": "affected",
"version": "1.5.0.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jos\u00e9 Aguilera"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T14:00:37.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Tipsacarrier \u003c 1.5.0.5 - Unauthenticated Orders Disclosure",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25002",
"STATE": "PUBLIC",
"TITLE": "Tipsacarrier \u003c 1.5.0.5 - Unauthenticated Orders Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tipsacarrier",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.0.5",
"version_value": "1.5.0.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jos\u00e9 Aguilera"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25002",
"datePublished": "2022-05-02T16:05:29.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:14.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25002 (GCVE-0-2021-25002)
Vulnerability from cvelistv5 – Published: 2022-05-02 16:05 – Updated: 2024-08-03 19:49
VLAI
Title
Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure
Summary
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/b14f476e-3124-4c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Tipsacarrier |
Affected:
1.5.0.5 , < 1.5.0.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tipsacarrier",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.0.5",
"status": "affected",
"version": "1.5.0.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jos\u00e9 Aguilera"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T14:00:37.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Tipsacarrier \u003c 1.5.0.5 - Unauthenticated Orders Disclosure",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25002",
"STATE": "PUBLIC",
"TITLE": "Tipsacarrier \u003c 1.5.0.5 - Unauthenticated Orders Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tipsacarrier",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.0.5",
"version_value": "1.5.0.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jos\u00e9 Aguilera"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25002",
"datePublished": "2022-05-02T16:05:29.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:14.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}