CVE-2023-3365

CWE-862Missing Authorization3 documents3 sources
Severity
8.1HIGH
EPSS
0.1%
top 69.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Multiparcels Shipping FOR WoocommerceMultiparcels Multiparcels Shipping FOR Woocommerce
Timeline
PublishedAug 7

Description

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-wgqf-88gq-8wjm: The MultiParcels Shipping For WooCommerce WordPress plugin before 12023-08-07
CVEList
MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion2023-08-07
CVE-2023-3365 (HIGH CVSS 8.1) | The MultiParcels Shipping For WooCo | cvebase.io