CVE-2023-2843

🗓️ 07 Aug 2023 14:31:25Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 59 Views🌐 WEB

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 allows SQL Injection

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-2843	7 Aug 202318:14	–	circl
CNNVD	WordPress plugin MultiParcels Shipping For WooCommerce SQL Injection Vulnerability	7 Aug 202300:00	–	cnnvd
Cvelist	CVE-2023-2843 MultiParcels Shipping For WooCommerce < 1.14.15 - Subscribers+ SQLi	7 Aug 202314:31	–	cvelist
EUVD	EUVD-2023-34294	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2843	7 Aug 202315:15	–	nvd
OSV	CVE-2023-2843	7 Aug 202315:15	–	osv
Patchstack	WordPress MultiParcels Shipping For WooCommerce Plugin < 1.14.15 is vulnerable to SQL Injection	18 Jul 202300:00	–	patchstack
Prion	Sql injection	7 Aug 202315:15	–	prion
Positive Technologies	PT-2023-21715 · WordPress · Multiparcels Shipping For Woocommerce	7 Aug 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-2843	23 May 202503:36	–	redhatcve

NVD

Vulners

Node

multiparcels multiparcels_shipping_for_woocommerceRange<1.14.15wordpress

[
  {
    "vendor": "Unknown",
    "product": "MultiParcels Shipping For WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.14.15"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/8e713eaf-f332-47e2-a131-c14222201fdc

Parameter	Position	Path	Description	CWE
id	query param	/wp-admin/admin-post.php	SQL injection vulnerability via unsanitized id parameter in admin-post.php?action=multiparcels_delete_shipping	CWE-89
action	query param	/wp-admin/admin-post.php	SQL injection vulnerability via unsanitized id parameter in admin-post.php?action=multiparcels_delete_shipping	CWE-89

21 Nov 2024 07:59Current

8.9High risk

Vulners AI Score8.9

CVSS 3.18.8

EPSS0.00414

SSVC