CVE-2023-3366 — Cross-Site Request Forgery in Shipping FOR Woocommerce

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack