Filtered by vendor Multiparcels
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2843 | 1 Multiparcels | 1 Multiparcels Shipping For Woocommerce | 2023-08-09 | N/A | 8.8 HIGH |
| The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. | |||||
| CVE-2023-3365 | 1 Multiparcels | 1 Multiparcels Shipping For Woocommerce | 2023-08-09 | N/A | 8.1 HIGH |
| The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment | |||||