MultiParcels Shipping For WooCommerce < 1.14.15 - Subscribers+ SQLi
CVE-2023-2843
8.8HIGH
What is CVE-2023-2843?
The MultiParcels Shipping for WooCommerce plugin for WordPress, prior to version 1.14.15, contains a vulnerability where user inputs are not adequately sanitized and escaped before being used in SQL statements. This oversight permits authenticated users, including those with subscriber roles, to execute SQL injection attacks. Such attacks could compromise the security of the database and lead to unauthorized data access or manipulation.
Affected Version(s)
MultiParcels Shipping For WooCommerce 0 < 1.14.15