CVE-2021-25002

HIGH

Tipsacarrier WordPress <1.5.0.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7c

Scores

CVSS v3 7.5
EPSS 0.0147
EPSS Percentile 70.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-862
Status published
Products (1)
tipsacarrier_project/tipsacarrier < 1.5.0.5
Published May 02, 2022
Tracked Since Feb 18, 2026