PT-2024-28822 · WordPress · Orders Tracking For Woocommerce

Matthew Rollings +1 · Published 2024-05-10 · Updated 2024-05-14 · CVE-2024-4039

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Orders Tracking for WooCommerce plugin for WordPress versions up to 1.2.10

Description

The issue allows unauthenticated attackers to execute arbitrary shortcodes because the plugin does not properly validate a value before running do_shortcode. This enables the execution of an action that can lead to arbitrary shortcode execution.

Recommendations

For versions up to 1.2.10, update to version 1.2.11 to fully resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality until the update can be applied.
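
The weakness class described above (a request value reaching do_shortcode without validation) can be checked for in plugin source with a small line-based taint heuristic. This is an added example, not code from the advisory or from the plugin; the PHP sample and its function names are constructed for illustration.

```python
import re

SUPERGLOBAL = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
VARIABLE = re.compile(r"\$\w+")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=(?!=)\s*(.+?);\s*$")
SINK = re.compile(r"\bdo_shortcode\s*\((.*)$")


def is_tainted(expr, tainted):
    """True if expr reads a request superglobal or a variable derived from one."""
    if SUPERGLOBAL.search(expr):
        return True
    return any(v in tainted for v in VARIABLE.findall(expr))


def find_unvalidated_do_shortcode(php_source):
    """Return (line_number, line) for each do_shortcode() call fed request data."""
    tainted, findings = set(), []
    for number, line in enumerate(php_source.splitlines(), 1):
        sink = SINK.search(line)
        if sink and is_tainted(sink.group(1), tainted):
            findings.append((number, line.strip()))
        assign = ASSIGN.match(line)
        if assign:
            name, value = assign.groups()
            # sanitize_text_field() keeps "[tag]" text, so wrapped input stays tainted.
            if is_tainted(value, tainted):
                tainted.add(name)
            else:
                tainted.discard(name)
    return findings


# Constructed sample: a hypothetical handler before and after an allowlist fix.
SAMPLE = """<?php
function demo_before() {
    $view = sanitize_text_field( $_POST['view'] );
    echo do_shortcode( $view );
}
function demo_after() {
    $view = sanitize_key( $_POST['view'] );
    if ( in_array( $view, array( 'tracking_form' ), true ) ) {
        echo do_shortcode( '[tracking_form]' );
    }
}
"""

if __name__ == "__main__":
    print(find_unvalidated_do_shortcode(SAMPLE))
```

The heuristic works line by line and does not follow function calls, so treat a hit as a prompt for manual review rather than proof of exposure.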

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-4039

Affected Products

Orders Tracking For Woocommerce