Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by Arni Cinco

    CVE-2026-25401 (GCVE-0-2026-25401)

    Vulnerability from nvd – Published: 2026-03-25 16:14 – Updated: 2026-04-28 16:14
    VLAI
    Title
    WordPress WPCargo Track & Trace plugin <= 8.0.2 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arni Cinco WPCargo Track & Trace Affected: 0 , ≤ 8.0.2 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 14:18
    Credits
    Nabil Irawan | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T13:37:11.317445Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T01:40:24.315Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wpcargo",
              "product": "WPCargo Track \u0026 Trace",
              "vendor": "Arni Cinco",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nabil Irawan | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:18:24.480Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:14:57.849Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wpcargo/vulnerability/wordpress-wpcargo-track-trace-plugin-8-0-2-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress WPCargo Track \u0026 Trace plugin \u003c= 8.0.2 - Broken Access Control vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2026-25401",
        "datePublished": "2026-03-25T16:14:48.355Z",
        "dateReserved": "2026-02-02T12:53:12.987Z",
        "dateUpdated": "2026-04-28T16:14:57.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31745 (GCVE-0-2025-31745)

    Vulnerability from nvd – Published: 2025-04-01 14:51 – Updated: 2026-04-28 16:12
    VLAI
    Title
    WordPress Subscription Form for Feedblitz Plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.This issue affects Subscription Form for Feedblitz: from n/a through <= 1.0.9.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arni Cinco Subscription Form for Feedblitz Affected: 0 , ≤ 1.0.9 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:37
    Credits
    0xd4rk5id3 | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T15:45:17.052537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T15:45:33.614Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "feedblitz-email-subscription",
              "product": "Subscription Form for Feedblitz",
              "vendor": "Arni Cinco",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:37:57.058Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.\u003cp\u003eThis issue affects Subscription Form for Feedblitz: from n/a through \u003c= 1.0.9.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.This issue affects Subscription Form for Feedblitz: from n/a through \u003c= 1.0.9."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:12:11.250Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/feedblitz-email-subscription/vulnerability/wordpress-subscription-form-for-feedblitz-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Subscription Form for Feedblitz Plugin \u003c= 1.0.9 - Cross Site Scripting (XSS) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-31745",
        "datePublished": "2025-04-01T14:51:08.224Z",
        "dateReserved": "2025-04-01T13:19:05.360Z",
        "dateUpdated": "2026-04-28T16:12:11.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31609 (GCVE-0-2025-31609)

    Vulnerability from nvd – Published: 2025-03-31 12:55 – Updated: 2026-04-28 16:12
    VLAI
    Title
    WordPress WPCargo Track & Trace plugin <= 8.0.2 - Insecure Direct Object References (IDOR) vulnerability
    Summary
    Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arni Cinco WPCargo Track & Trace Affected: 0 , ≤ 8.0.2 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:37
    Credits
    hunter85 | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T13:43:47.767958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T13:43:55.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wpcargo",
              "product": "WPCargo Track \u0026 Trace",
              "vendor": "Arni Cinco",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "hunter85 | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:37:51.084Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:12:10.348Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wpcargo/vulnerability/wordpress-wpcargo-track-trace-plugin-7-0-6-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress WPCargo Track \u0026 Trace plugin \u003c= 8.0.2 - Insecure Direct Object References (IDOR) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-31609",
        "datePublished": "2025-03-31T12:55:38.665Z",
        "dateReserved": "2025-03-31T10:06:10.341Z",
        "dateUpdated": "2026-04-28T16:12:10.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-54271 (GCVE-0-2024-54271)

    Vulnerability from nvd – Published: 2024-12-13 14:24 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress WPCargo Track & Trace plugin <= 8.0.2 - Settings Change vulnerability
    Summary
    Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arni Cinco WPCargo Track & Trace Affected: 0 , ≤ 8.0.2 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:30
    Credits
    Mika | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-13T21:00:24.925657Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-13T21:00:50.419Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wpcargo",
              "product": "WPCargo Track \u0026 Trace",
              "vendor": "Arni Cinco",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mika | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:30:31.529Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:48.497Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wpcargo/vulnerability/wordpress-wpcargo-track-trace-plugin-7-0-6-settings-change-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress WPCargo Track \u0026 Trace plugin \u003c= 8.0.2 - Settings Change vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-54271",
        "datePublished": "2024-12-13T14:24:46.788Z",
        "dateReserved": "2024-12-02T12:04:05.094Z",
        "dateUpdated": "2026-04-28T16:10:48.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-44004 (GCVE-0-2024-44004)

    Vulnerability from nvd – Published: 2024-09-17 22:27 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress WPCargo Track & Trace plugin <= 8.0.2 - SQL Injection vulnerability
    Summary
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arni Cinco WPCargo Track & Trace Affected: 0 , ≤ 8.0.2 (custom)
    Create a notification for this product.
    wptaskforce wpcargo_track_\&_trace Affected: 0 , ≤ 7.0.6 (custom)
        cpe:2.3:a:wptaskforce:wpcargo_track_\&_trace:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Date Public
    2026-04-01 16:27
    Credits
    LVT-tholv2k | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wptaskforce:wpcargo_track_\\\u0026_trace:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wpcargo_track_\\\u0026_trace",
                "vendor": "wptaskforce",
                "versions": [
                  {
                    "lessThanOrEqual": "7.0.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T13:35:02.295095Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-18T13:35:39.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wpcargo",
              "product": "WPCargo Track \u0026 Trace",
              "vendor": "Arni Cinco",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LVT-tholv2k | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:27:35.749Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows SQL Injection.\u003cp\u003eThis issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows SQL Injection.This issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:16.047Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wpcargo/vulnerability/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress WPCargo Track \u0026 Trace plugin \u003c= 8.0.2 - SQL Injection vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-44004",
        "datePublished": "2024-09-17T22:27:30.453Z",
        "dateReserved": "2024-08-18T21:57:37.334Z",
        "dateUpdated": "2026-04-28T16:10:16.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25401 (GCVE-0-2026-25401)

    Vulnerability from cvelistv5 – Published: 2026-03-25 16:14 – Updated: 2026-04-28 16:14
    VLAI
    Title
    WordPress WPCargo Track & Trace plugin <= 8.0.2 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arni Cinco WPCargo Track & Trace Affected: 0 , ≤ 8.0.2 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 14:18
    Credits
    Nabil Irawan | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T13:37:11.317445Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T01:40:24.315Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wpcargo",
              "product": "WPCargo Track \u0026 Trace",
              "vendor": "Arni Cinco",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nabil Irawan | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:18:24.480Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:14:57.849Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wpcargo/vulnerability/wordpress-wpcargo-track-trace-plugin-8-0-2-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress WPCargo Track \u0026 Trace plugin \u003c= 8.0.2 - Broken Access Control vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2026-25401",
        "datePublished": "2026-03-25T16:14:48.355Z",
        "dateReserved": "2026-02-02T12:53:12.987Z",
        "dateUpdated": "2026-04-28T16:14:57.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31745 (GCVE-0-2025-31745)

    Vulnerability from cvelistv5 – Published: 2025-04-01 14:51 – Updated: 2026-04-28 16:12
    VLAI
    Title
    WordPress Subscription Form for Feedblitz Plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.This issue affects Subscription Form for Feedblitz: from n/a through <= 1.0.9.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arni Cinco Subscription Form for Feedblitz Affected: 0 , ≤ 1.0.9 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:37
    Credits
    0xd4rk5id3 | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T15:45:17.052537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T15:45:33.614Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "feedblitz-email-subscription",
              "product": "Subscription Form for Feedblitz",
              "vendor": "Arni Cinco",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:37:57.058Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.\u003cp\u003eThis issue affects Subscription Form for Feedblitz: from n/a through \u003c= 1.0.9.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.This issue affects Subscription Form for Feedblitz: from n/a through \u003c= 1.0.9."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:12:11.250Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/feedblitz-email-subscription/vulnerability/wordpress-subscription-form-for-feedblitz-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Subscription Form for Feedblitz Plugin \u003c= 1.0.9 - Cross Site Scripting (XSS) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-31745",
        "datePublished": "2025-04-01T14:51:08.224Z",
        "dateReserved": "2025-04-01T13:19:05.360Z",
        "dateUpdated": "2026-04-28T16:12:11.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31609 (GCVE-0-2025-31609)

    Vulnerability from cvelistv5 – Published: 2025-03-31 12:55 – Updated: 2026-04-28 16:12
    VLAI
    Title
    WordPress WPCargo Track & Trace plugin <= 8.0.2 - Insecure Direct Object References (IDOR) vulnerability
    Summary
    Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arni Cinco WPCargo Track & Trace Affected: 0 , ≤ 8.0.2 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:37
    Credits
    hunter85 | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T13:43:47.767958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T13:43:55.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wpcargo",
              "product": "WPCargo Track \u0026 Trace",
              "vendor": "Arni Cinco",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "hunter85 | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:37:51.084Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:12:10.348Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wpcargo/vulnerability/wordpress-wpcargo-track-trace-plugin-7-0-6-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress WPCargo Track \u0026 Trace plugin \u003c= 8.0.2 - Insecure Direct Object References (IDOR) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-31609",
        "datePublished": "2025-03-31T12:55:38.665Z",
        "dateReserved": "2025-03-31T10:06:10.341Z",
        "dateUpdated": "2026-04-28T16:12:10.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-54271 (GCVE-0-2024-54271)

    Vulnerability from cvelistv5 – Published: 2024-12-13 14:24 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress WPCargo Track & Trace plugin <= 8.0.2 - Settings Change vulnerability
    Summary
    Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arni Cinco WPCargo Track & Trace Affected: 0 , ≤ 8.0.2 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:30
    Credits
    Mika | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-13T21:00:24.925657Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-13T21:00:50.419Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wpcargo",
              "product": "WPCargo Track \u0026 Trace",
              "vendor": "Arni Cinco",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mika | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:30:31.529Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:48.497Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wpcargo/vulnerability/wordpress-wpcargo-track-trace-plugin-7-0-6-settings-change-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress WPCargo Track \u0026 Trace plugin \u003c= 8.0.2 - Settings Change vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-54271",
        "datePublished": "2024-12-13T14:24:46.788Z",
        "dateReserved": "2024-12-02T12:04:05.094Z",
        "dateUpdated": "2026-04-28T16:10:48.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-44004 (GCVE-0-2024-44004)

    Vulnerability from cvelistv5 – Published: 2024-09-17 22:27 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress WPCargo Track & Trace plugin <= 8.0.2 - SQL Injection vulnerability
    Summary
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Arni Cinco WPCargo Track & Trace Affected: 0 , ≤ 8.0.2 (custom)
    Create a notification for this product.
    wptaskforce wpcargo_track_\&_trace Affected: 0 , ≤ 7.0.6 (custom)
        cpe:2.3:a:wptaskforce:wpcargo_track_\&_trace:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Date Public
    2026-04-01 16:27
    Credits
    LVT-tholv2k | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wptaskforce:wpcargo_track_\\\u0026_trace:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wpcargo_track_\\\u0026_trace",
                "vendor": "wptaskforce",
                "versions": [
                  {
                    "lessThanOrEqual": "7.0.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T13:35:02.295095Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-18T13:35:39.429Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wpcargo",
              "product": "WPCargo Track \u0026 Trace",
              "vendor": "Arni Cinco",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LVT-tholv2k | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:27:35.749Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows SQL Injection.\u003cp\u003eThis issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Arni Cinco WPCargo Track \u0026 Trace wpcargo allows SQL Injection.This issue affects WPCargo Track \u0026 Trace: from n/a through \u003c= 8.0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:16.047Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wpcargo/vulnerability/wordpress-wpcargo-track-trace-plugin-7-0-6-sql-injection-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress WPCargo Track \u0026 Trace plugin \u003c= 8.0.2 - SQL Injection vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-44004",
        "datePublished": "2024-09-17T22:27:30.453Z",
        "dateReserved": "2024-08-18T21:57:37.334Z",
        "dateUpdated": "2026-04-28T16:10:16.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }