Vulnerabilities > Villatheme > Orders Tracking FOR Woocommerce

DATE CVE VULNERABILITY TITLE RISK
2023-09-04 CVE-2023-4216 Unspecified vulnerability in Villatheme Orders Tracking for Woocommerce
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack.
network
low complexity
villatheme
2.7
2022-01-24 CVE-2021-25062 Cross-site Scripting vulnerability in Villatheme Orders Tracking for Woocommerce
The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
network
villatheme CWE-79
4.3