cleantalk
Vulnerabilities and Security Researches

Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo, CVE-2023-6278

CVE, Research URL

CVE-2023-6278

Home page URL

Security reports for Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo

Application

Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo

Published on
Jan 29, 2024
Research Description
The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions
Min -, max 2.2.25.
Status
vulnerable
Previous vulnerability researches
Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo (CVE-2024-24866) , Jun 07, 2024
Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo (CVE-2023-6278) , Jun 07, 2024
Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo (CVE-2023-49767) , Jun 07, 2024
Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo (CVE-2025-5816) , Jul 19, 2025
New vulnerability
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025
Chatbox Manager (CVE-2025-48167) , Jul 19, 2025
Zuppler Online Ordering (CVE-2025-6053) , Jul 19, 2025
Counter live visitors for WooCommerce (CVE-2025-7359) , Jul 19, 2025
AntiSpam for Contact Form 7 (CVE-2025-54020) , Jul 19, 2025