Vulnerabilities and security researches fororder-tracking order-tracking

Apr 13, 2026

CVE, Research URL: CVE-2026-39602
Home page URL: Security reports for Order Tracking – WordPress Status Tracking Plugin
Application: Order Tracking – WordPress Status Tracking Plugin
Date: Apr 08, 2026
Research Description: Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through <= 3.4.3.
Affected versions: max 3.4.3.
Status: vulnerable

Aug 20, 2024

CVE, Research URL: CVE-2024-43343
Home page URL: Security reports for Order Tracking – WordPress Status Tracking Plugin
Application: Order Tracking – WordPress Status Tracking Plugin
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12.
Affected versions: max 3.3.13.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 0f8e0ae795486b0420f4812986aa8158cc3e041c
Home page URL: Security reports for Order Tracking – WordPress Status Tracking Plugin
Application: Order Tracking – WordPress Status Tracking Plugin
Date: Jan 06, 2022
Research Description: Order Tracking – WordPress Status Tracking Plugin [order-tracking] < 3.0.17 (closed) WordPress Order Tracking plugin <= 3.0.16 - Cross-Site Request Forgery (CSRF) leading to Order, Customer and Sales Representative Deletion Cross-Site Request Forgery (CSRF) leading to Order, Customer and Sales Representative Deletion discovered in WordPress Order Tracking plugin (versions <= 3.0.16).
Affected versions: max 3.0.17.
Status: vulnerable

CVE, Research URL: CVE-2023-4471
Home page URL: Security reports for Order Tracking – WordPress Status Tracking Plugin
Application: Order Tracking – WordPress Status Tracking Plugin
Date: Aug 31, 2023
Research Description: The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the start_date and end_date parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 3.3.7.
Status: vulnerable

CVE, Research URL: CVE-2023-4500
Home page URL: Security reports for Order Tracking – WordPress Status Tracking Plugin
Application: Order Tracking – WordPress Status Tracking Plugin
Date: Aug 31, 2023
Research Description: The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers (admin or higher) to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 3.3.7.
Status: vulnerable