5 matches found
CVE-2023-2843
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks...
CVE-2023-2843 MultiParcels Shipping For WooCommerce < 1.14.15 - Subscribers+ SQLi
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks...
CVE-2023-2843 MultiParcels Shipping For WooCommerce < 1.14.15 - Subscribers+ SQLi
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks...
CVE-2023-2843
CVE-2023-2843 affects the MultiParcels Shipping For WooCommerce WordPress plugin, vulnerable in versions before 1.14.15. A parameter is not properly sanitized/escaped before being used in an SQL statement, allowing authenticated users (e.g., subscribers) to perform SQL Injection. Root cause: impr...
WordPress MultiParcels Shipping For WooCommerce Plugin < 1.14.15 is vulnerable to SQL Injection
Software MultiParcels Shipping For WooCommerce Type Plugin Vulnerable versions 1.14.15 Fixed in 1.14.15 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2843 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 3e93313a1e18 Credits Dao Xuan Hieu Required...