Vulnerabilities > CVE-2021-25002 - Missing Authorization vulnerability in Tipsacarrier Project Tipsacarrier 1.4.4.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tipsacarrier-project

CWE-862

NVD

Published: 2022-05-02

Updated: 2022-10-27

Summary

The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL

Vulnerable Configurations

Part	Description	Count
Application	Tipsacarrier_Project Tipsacarrier Project Tipsacarrier 1.4.4.2	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7c