Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.8 views

CVE-2025-62995

Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through = 1.30.12...

4.3CVSS7AI score0.00192EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:18 p.m.7 views

CVE-2025-62995

Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through = 1.30.12...

4.3CVSS0.00192EPSS
Exploits0References1
OSV
OSV
added 2023/08/21 5:15 p.m.4 views

CVE-2023-3366

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack...

4.3CVSS5.9AI score0.00231EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.5 views

PT-2023-27008 · WordPress · Multiparcels Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.15.4 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being...

6.1CVSS6.3AI score0.00396EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.7 views

PT-2023-24439 · WordPress · Multiparcels Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.15.2 Description: The issue allows attackers to make any logged-in user delete arbitrary shipments via a CSRF attack because the plugin does not have a CRSF check when...

4.3CVSS7.2AI score0.00231EPSS
Exploits2References5
OSV
OSV
added 2023/08/07 3:15 p.m.6 views

CVE-2023-3671

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS7.3AI score0.00396EPSS
Exploits2References1
OSV
OSV
added 2023/08/07 3:15 p.m.2 views

CVE-2023-3365

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment...

8.1CVSS7.4AI score0.00592EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/08/07 12:0 a.m.7 views

PT-2023-24431 · WordPress · Multiparcels Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.14.14 Description: The issue concerns a lack of authorization in the deletion of shipments, allowing any authenticated user, such as a subscriber, to delete arbitrary...

8.1CVSS8.8AI score0.00592EPSS
Exploits2References5
Rows per page
Query Builder