PT-2026-40874 · WordPress · Gls Shipping For Woocommerce

·

CVE-2026-6417

·

Published

2026-05-14

·

Updated

2026-05-14

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions GLS Shipping for WooCommerce versions prior to 1.4.1
Description Reflected Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which execute when a user is tricked into performing an action, such as clicking a link. The issue involves the failed orders parameter.
Recommendations Update to a version later than 1.4.0. As a temporary workaround, restrict access to or avoid using the failed orders parameter until the update is applied.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-6417

Affected Products

Gls Shipping For Woocommerce