MEDIUM
Amit Mittal
CVE published 2026-06-15
CVE-2026-39540
A Subscriber Cross Site Scripting (XSS) vulnerability was discovered in Shipment Tracker for Woocommerce plugin versions up to 1.5.3.2. The vulnerability has been assigned a CVSS score of 6.5, indicating a medium severity level. The vulnerability allows a subscriber to inject malicious scripts into the application, potentially leading to unauthorized actions or data breaches.