Cross site request forgery (csrf)

2023-08-2117:15:00

PRIOn knowledge base

www.prio-n.com

multiparcels

shipping

woocommerce

csrf

attack

delete

shipment

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack

CPENameOperatorVersion
multiparcels_shipping_for_woocommercelt1.15.2

CPE	Name	Operator	Version
	multiparcels_shipping_for_woocommerce	lt	1.15.2

References

wpscan.com/vulnerability/b2f06223-9352-4227-ae94-32061e2c5611