CyberRota
← Ana sayfaya dön

CVE-2026-9235

MEDIUM · CVSS 4.3

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-09T11:16:42.250 · Çekilme zamanı: 2026-07-09T12:07:47.148146+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-9235
Severity
MEDIUM
CVSS
4.3
EPSS
Yok
WordPress

Orijinal NVD Açıklaması

The DHL eCommerce (Benelux) for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the create_label() and delete_label() functions in versions up to, and including, 2.2.3. These functions are wired to the wp_ajax_dhlpwc_label_create and wp_ajax_dhlpwc_label_delete hooks and act on an attacker-supplied post_id (WooCommerce order ID). This makes it possible for authenticated attackers, with Subscriber-level access and above, to create or delete DHL shipping labels associated with any WooCommerce order on the site.