CVE-2023-3365

EUVD-2023-44032
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CISA-ADPADP
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
multiparcelsmultiparcels_shipping_for_woocommerce
𝑥
< 1.14.14
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/21ce5baa-8085-4053-8d8b-f7d3e2ae70c1
https://wpscan.com/vulnerability/21ce5baa-8085-4053-8d8b-f7d3e2ae70c1