14 matches found
EUVD-2023-44032
Malicious code in bioql PyPI...
CVE-2023-3365
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting a shipment, allowing any authenticated user, such as a subscriber, to delete arbitrary shipments...
CVE-2023-3366
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have a CSRF check when deleting a shipment, allowing attackers to make any logged-in user delete arbitrary shipments via a CSRF attack...
CVE-2023-3366
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have a CSRF check when deleting a shipment, allowing attackers to make any logged-in user delete arbitrary shipments via a CSRF attack...
CVE-2023-3366
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have a CSRF check when deleting a shipment, allowing attackers to make any logged-in user delete arbitrary shipments via a CSRF attack...
CVE-2023-3366 MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have a CSRF check when deleting a shipment, allowing attackers to make any logged-in user delete arbitrary shipments via a CSRF attack...
CVE-2023-3366 MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have a CSRF check when deleting a shipment, allowing attackers to make any logged-in user delete arbitrary shipments via a CSRF attack...
PT-2023-24439 · WordPress · Multiparcels Shipping For Woocommerce
Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.15.2. Description: The issue allows attackers to make any logged-in user delete arbitrary shipments via a CSRF attack because the plugin does not have a CSRF check when...
CVE-2023-3365
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting a shipment, allowing any authenticated user, such as a subscriber, to delete arbitrary shipments...
CVE-2023-3365
CVE-2023-3365 affects MultiParcels Shipping For WooCommerce (WordPress plugin). The root cause is missing authorization checks when deleting shipments, enabling any authenticated user (e.g., subscribers) to delete arbitrary shipments. Public sources in connected documents confirm this vulnerabili...
CVE-2023-3365 MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting a shipment, allowing any authenticated user, such as a subscriber, to delete arbitrary shipments...
PT-2023-24431 · WordPress · Multiparcels Shipping For Woocommerce
Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.14.14. Description: The issue concerns a lack of authorization in the deletion of shipments, allowing any authenticated user, such as a subscriber, to delete arbitrary...
MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF
Description: The plugin does not have a CSRF check when deleting a shipment, allowing attackers to make any logged-in user delete arbitrary shipments via a CSRF attack. PoC: Make any logged-in user open https://example.com/wp-admin/admin-post.php?action=multiparcelsdeleteshipping=1 to make them delete...
MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion
Description: The plugin does not have authorisation when deleting a shipment, allowing any authenticated user, such as a subscriber, to delete arbitrary shipments. Log in as a subscriber and open https://example.com/wp-admin/admin-post.php?action=multiparcelsdeleteshipping&id=1 to delete the shipment with...