Vulnerabilities > Villatheme > Orders Tracking FOR Woocommerce
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-04 | CVE-2023-4216 | Unspecified vulnerability in Villatheme Orders Tracking for Woocommerce The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. | 2.7 |
| 2022-01-24 | CVE-2021-25062 | Cross-site Scripting vulnerability in Villatheme Orders Tracking for Woocommerce The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 4.3 |