3 matches found
CVE-2023-3366 MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack...
CVE-2023-3366
The CVE-2023-3366 entry applies to the WordPress plugin MultiParcels Shipping For WooCommerce (versions before 1.15.2). The root cause is a missing CSRF check when deleting a shipment, enabling CSRF abuse to delete arbitrary shipments by any logged-in user. Impact is limited to CSRF-enabled actio...
CVE-2023-3366 MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack...