cleantalk
Vulnerabilities and Security Researches

Order Tracking – WordPress Status Tracking Plugin, CVE-2023-4471

CVE, Research URL

CVE-2023-4471

Home page URL

Security reports for Order Tracking – WordPress Status Tracking Plugin

Application

Order Tracking – WordPress Status Tracking Plugin

Published on
Aug 31, 2023
Research Description
The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the start_date and end_date parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 3.3.7.
Status
vulnerable
Previous vulnerability researches
MIMO Woocommerce Order Tracking (CVE-2024-5769) , Jan 10, 2025
MIMO Woocommerce Order Tracking (CVE-2024-5768) , Jun 20, 2024
Order Tracking – WordPress Status Tracking Plugin (CVE-2024-43343) , Aug 20, 2024
Order Tracking – WordPress Status Tracking Plugin (CVE-2026-39602) , Apr 13, 2026
Order Tracking – WordPress Status Tracking Plugin (0f8e0ae795486b0420f4812986aa8158cc3e041c) , Jun 07, 2024
New vulnerability
Collect.chat – Chatbot ⚡️ (CVE-2026-0736) , Apr 15, 2026
SQL Chart Builder (CVE-2026-4079) , Apr 15, 2026
FastDup – Fastest WordPress Migration & Duplicator (CVE-2026-1104) , Apr 15, 2026
Timeline Block (CVE-2026-1228) , Apr 15, 2026
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-3180) , Apr 15, 2026