cleantalk
Vulnerabilities and Security Researches

Order Tracking – WordPress Status Tracking Plugin, CVE-2026-39602

CVE, Research URL

CVE-2026-39602

Home page URL

Security reports for Order Tracking – WordPress Status Tracking Plugin

Application

Order Tracking – WordPress Status Tracking Plugin

Published on
Apr 08, 2026
Research Description
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through <= 3.4.3.
Affected versions
max 3.4.3.
Status
vulnerable
Previous vulnerability researches
MIMO Woocommerce Order Tracking (CVE-2024-5769) , Jan 10, 2025
MIMO Woocommerce Order Tracking (CVE-2024-5768) , Jun 20, 2024
Order Tracking &#8211; WordPress Status Tracking Plugin (CVE-2024-43343) , Aug 20, 2024
Order Tracking &#8211; WordPress Status Tracking Plugin (CVE-2026-39602) , Apr 13, 2026
Order Tracking &#8211; WordPress Status Tracking Plugin (0f8e0ae795486b0420f4812986aa8158cc3e041c) , Jun 07, 2024
New vulnerability
Collect.chat &#8211; Chatbot ⚡️ (CVE-2026-0736) , Apr 15, 2026
SQL Chart Builder (CVE-2026-4079) , Apr 15, 2026
FastDup &#8211; Fastest WordPress Migration &amp; Duplicator (CVE-2026-1104) , Apr 15, 2026
Timeline Block (CVE-2026-1228) , Apr 15, 2026
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-3180) , Apr 15, 2026