Lucene search
+L

4 matches found

NVD
NVD
added 2023/08/21 5:15 p.m.21 views

CVE-2023-3954

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.00396EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/08/21 12:29 p.m.8 views

CVE-2023-3954 MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.00396EPSS
Exploits2References1
CVE
CVE
added 2023/08/21 12:29 p.m.51 views

CVE-2023-3954

CVE-2023-3954 affects the MultiParcels Shipping For WooCommerce WordPress plugin prior to version 1.15.4. A Reflected XSS exists where an unsanitized parameter is output back to the page, enabling attack against admin/high-privilege users. A PoC is referenced in the connected exploit entry, illus...

6.1CVSS6.1AI score0.00396EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/08/21 12:29 p.m.28 views

CVE-2023-3954 MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.2AI score0.00396EPSS
Exploits2References1
Rows per page
Query Builder