Lucene search
WpvulndbWPEX-ID:B2F06223-9352-4227-AE94-32061E2C5611HistoryJul 31, 2023 - 12:00 a.m.
MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF
2023-07-3100:00:00
wpvulndb
27
arbitrary
shipment
deletion
csrf
multiparcels
woocommerce
Description The plugin does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack
Make any logged in user open https://example.com/wp-admin/admin-post.php?action=multiparcels_delete_shipping&id=1 to make them delete the shipment with ID 1Related
wpvulndb
wpvulndb
nvd
nvd
CVE-2023-3366
2023-08-21 17:15:48
prion
prion
Cross site request forgery (csrf)
2023-08-21 17:15:00
cve
cve
CVE-2023-3366
2023-08-21 17:15:48
cvelist
cvelist
4.7 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
Related for WPEX-ID:B2F06223-9352-4227-AE94-32061E2C5611