Vulnerabilities and security researches foreprolo-dropshipping eprolo-dropshipping

Dec 11, 2025

CVE, Research URL: CVE-2025-12133
Home page URL: Security reports for EPROLO Dropshipping
Application: EPROLO Dropshipping
Date: Dec 05, 2025
Research Description: The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_eprolo_delete_tracking and wp_ajax_eprolo_save_tracking_data AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete tracking data.
Affected versions: max 2.3.1.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2024-33573
Home page URL: Security reports for EPROLO Dropshipping
Application: EPROLO Dropshipping
Date: May 08, 2024
Research Description: Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1.
Affected versions: max 1.7.2.
Status: vulnerable