Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-44032

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00592EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:53 a.m.9 views

CVE-2023-3365

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment...

8.1CVSS6.7AI score0.00592EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:53 a.m.12 views

CVE-2023-3366

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack...

4.3CVSS6.8AI score0.00231EPSS
Exploits2References1
OSV
OSV
added 2023/08/21 5:15 p.m.3 views

CVE-2023-3366

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack...

4.3CVSS5.9AI score0.00231EPSS
Exploits2References1
NVD
NVD
added 2023/08/21 5:15 p.m.27 views

CVE-2023-3366

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack...

4.3CVSS4.7AI score0.00231EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/08/21 12:29 p.m.18 views

CVE-2023-3366 MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack...

7.1AI score0.00231EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/08/21 12:29 p.m.26 views

CVE-2023-3366 MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack...

5AI score0.00231EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.7 views

PT-2023-24439 · WordPress · Multiparcels Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.15.2 Description: The issue allows attackers to make any logged-in user delete arbitrary shipments via a CSRF attack because the plugin does not have a CRSF check when...

4.3CVSS7.2AI score0.00231EPSS
Exploits2References5
OSV
OSV
added 2023/08/07 3:15 p.m.2 views

CVE-2023-3365

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment...

8.1CVSS7.4AI score0.00592EPSS
Exploits2References1
CVE
CVE
added 2023/08/07 2:31 p.m.73 views

CVE-2023-3365

CVE-2023-3365 affects MultiParcels Shipping For WooCommerce (WordPress plugin). The root cause is missing authorization checks when deleting shipments, enabling any authenticated user (e.g., subscribers) to delete arbitrary shipments. Public sources in connected documents confirm this vulnerabili...

8.1CVSS8AI score0.00592EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/07 2:31 p.m.16 views

CVE-2023-3365 MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment...

6.7AI score0.00592EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/08/07 12:0 a.m.7 views

PT-2023-24431 · WordPress · Multiparcels Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.14.14 Description: The issue concerns a lack of authorization in the deletion of shipments, allowing any authenticated user, such as a subscriber, to delete arbitrary...

8.1CVSS8.8AI score0.00592EPSS
Exploits2References5
WPVulnDB
WPVulnDB
added 2023/07/31 12:0 a.m.16 views

MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF

Description The plugin does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack PoC Make any logged in user open https://example.com/wp-admin/admin-post.php?action=multiparcelsdeleteshipping=1 to make them delete...

4.3CVSS4.6AI score0.00231EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/07/17 12:0 a.m.150 views

MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion

Description The plugin does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment Login as a subscriber an open https://example.com/wp-admin/admin-post.php?action=multiparcelsdeleteshipping&id=1 to delete the shipment with...

8.1CVSS8.2AI score0.00592EPSS
Exploits2
Rows per page
Query Builder