Vulnerabilities > Etoilewebdesign > Order Tracking > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-31 | CVE-2023-4471 | Unspecified vulnerability in Etoilewebdesign Order Tracking 3.3.6 The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the start_date and end_date parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. | 6.1 |
2023-08-31 | CVE-2023-4500 | Unspecified vulnerability in Etoilewebdesign Order Tracking 3.3.6 The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. | 4.8 |