CVE-2023-3365

Summary

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment

Affected Software

VendorProductVersion RangeStatus
UnknownMultiParcels Shipping For WooCommerce0 < 1.14.14affected

Weaknesses

  • CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References