Lucene search
K
MultiparcelsMultiparcels Shipping For Woocommerce

5 matches found

CVE
CVE
added 2023/08/07 2:31 p.m.74 views

CVE-2023-3365

CVE-2023-3365 affects MultiParcels Shipping For WooCommerce (WordPress plugin). The root cause is missing authorization checks when deleting shipments, enabling any authenticated user (e.g., subscribers) to delete arbitrary shipments. Public sources in connected documents confirm this vulnerabili...

8.1CVSS8AI score0.00592EPSS
Web
CVE
CVE
added 2023/08/07 2:31 p.m.66 views

CVE-2023-2843

CVE-2023-2843 affects the MultiParcels Shipping For WooCommerce WordPress plugin, vulnerable in versions before 1.14.15. A parameter is not properly sanitized/escaped before being used in an SQL statement, allowing authenticated users (e.g., subscribers) to perform SQL Injection. Root cause: impr...

8.8CVSS8.9AI score0.00693EPSS
Web
CVE
CVE
added 2023/08/07 2:31 p.m.65 views

CVE-2023-3671

CVE-2023-3671 affects the WordPress plugin MultiParcels Shipping For WooCommerce and is caused by insufficient sanitisation/escaping of parameters, leading to a reflected XSS. Vulnerable version range: before 1.15.4 (i.e., prior to plugin version 1.15.4). Impact stated: XSS could be exploited aga...

6.1CVSS6.1AI score0.00396EPSS
Web
CVE
CVE
added 2023/08/21 12:29 p.m.50 views

CVE-2023-3954

CVE-2023-3954 affects the MultiParcels Shipping For WooCommerce WordPress plugin prior to version 1.15.4. A Reflected XSS exists where an unsanitized parameter is output back to the page, enabling attack against admin/high-privilege users. A PoC is referenced in the connected exploit entry, illus...

6.1CVSS6.1AI score0.00396EPSS
Web
CVE
CVE
added 2023/08/21 12:29 p.m.49 views

CVE-2023-3366

The CVE-2023-3366 entry applies to the WordPress plugin MultiParcels Shipping For WooCommerce (versions before 1.15.2). The root cause is a missing CSRF check when deleting a shipment, enabling CSRF abuse to delete arbitrary shipments by any logged-in user. Impact is limited to CSRF-enabled actio...

4.3CVSS4.6AI score0.00231EPSS
Web