Multiparcels Multiparcels Shipping For Woocommerce — known CVE vulnerabilities
Every CVE whose affected-product data names Multiparcels Multiparcels Shipping For Woocommerce, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-2843 — CVSS 8.8 (high): The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it…
CVE-2023-3365 — CVSS 8.1 (high): The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any…
CVE-2023-3671 — CVSS 6.1 (medium): The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting…
CVE-2023-3954 — CVSS 6.1 (medium): The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back…
CVE-2023-3366 — CVSS 4.3 (medium): The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing…