Vulnerabilities and security researches fortorod torod

Dec 10, 2025

CVE, Research URL: CVE-2025-12373
Home page URL: Security reports for Torod – The smart shipping and delivery portal for e-shops and retailers
Application: Torod – The smart shipping and delivery portal for e-shops and retailers
Date: Dec 05, 2025
Research Description: The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the save_settings function. This makes it possible for unauthenticated attackers to modify plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.9.
Status: vulnerable

Jul 19, 2025

CVE, Research URL: CVE-2025-30936
Home page URL: Security reports for Torod – The smart shipping and delivery portal for e-shops and retailers
Application: Torod – The smart shipping and delivery portal for e-shops and retailers
Date: Jul 16, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod allows SQL Injection. This issue affects Torod: from n/a through 1.9.
Affected versions: max 1.9.
Status: vulnerable

Dec 22, 2024

CVE, Research URL: CVE-2024-55995
Home page URL: Security reports for Torod – The smart shipping and delivery portal for e-shops and retailers
Application: Torod – The smart shipping and delivery portal for e-shops and retailers
Date: Dec 31, 2024
Research Description: Missing Authorization vulnerability in Torod Holding LTD Torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through 1.7.
Affected versions: max 1.7.
Status: vulnerable