MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF
CVE-2023-3366
4.3MEDIUM
What is CVE-2023-3366?
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack
Affected Version(s)
MultiParcels Shipping For WooCommerce 0 < 1.15.2