CVE-2021-25002 — HIGH (7.5)

Q: How severe is CVE-2021-25002?

CVE-2021-25002 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-25002?

Check the references section above for vendor advisories and patch information. Affected products include: Tipsacarrier Project Tipsacarrier.

Vulnerability Description

The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Tipsacarrier Project	Tipsacarrier	< 1.5.0.5

Related Weaknesses (CWE)

CWE-862

References

https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7cExploitThird Party Advisory
https://wpscan.com/vulnerability/b14f476e-3124-4cbf-91b4-ae53c4dabd7cExploitThird Party Advisory

FAQ

What is CVE-2021-25002?

CVE-2021-25002 is a vulnerability with a CVSS score of 7.5 (HIGH). The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to ret...

How severe is CVE-2021-25002?

CVE-2021-25002 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-25002?

Check the references section above for vendor advisories and patch information. Affected products include: Tipsacarrier Project Tipsacarrier.