6 matches found
CVE-2023-3365
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment...
CVE-2023-3365
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment...
CVE-2023-3365 MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment...
CVE-2023-3365 MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment...
CVE-2023-3365
CVE-2023-3365 affects MultiParcels Shipping For WooCommerce (WordPress plugin). The root cause is missing authorization checks when deleting shipments, enabling any authenticated user (e.g., subscribers) to delete arbitrary shipments. Public sources in connected documents confirm this vulnerabili...
WordPress MultiParcels Shipping For WooCommerce Plugin < 1.14.14 is vulnerable to Broken Access Control
Software MultiParcels Shipping For WooCommerce Type Plugin Vulnerable versions 1.14.14 Fixed in 1.14.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3365 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c3c12e88b9f4 Credits Erwan ...