CVE-2021-25002

Name of the Vulnerable Software and Affected Versions Tipsacarrier WordPress plugin versions prior to 1.5.0.5

Description The issue concerns a lack of authorization checks in certain functions, allowing unauthenticated users to access Orders data. This could potentially be used to retrieve client information, including full address, name, and phone number, via a tracking URL.

Recommendations For versions prior to 1.5.0.5, update to version 1.5.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected functions until a patch is applied.