CVE-2025-62995

Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through = 1.30.12...

CVE-2025-62995

Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through = 1.30.12...

CVE-2023-3366

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack...

PT-2023-24439 · WordPress · Multiparcels Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.15.2 Description: The issue allows attackers to make any logged-in user delete arbitrary shipments via a CSRF attack because the plugin does not have a CRSF check when...

PT-2023-27008 · WordPress · Multiparcels Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.15.4 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being...

WordPress plugin MultiParcels Shipping For WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2023-3671

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-3365

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment...

PT-2023-24431 · WordPress · Multiparcels Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.14.14 Description: The issue concerns a lack of authorization in the deletion of shipments, allowing any authenticated user, such as a subscriber, to delete arbitrary...