exploitDog

CVE-2023-3366

Опубликовано: 21 авг. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/b2f06223-9352-4227-ae94-32061e2c5611
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/b2f06223-9352-4227-ae94-32061e2c5611
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:multiparcels:multiparcels_shipping_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 1.15.2 (исключая)

EPSS

Процентиль: 21%

0.00067

Низкий

4.3 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-rjhf-7g74-c4qg

CVSS3: 4.3

github

больше 2 лет назад

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack

EPSS

Процентиль: 21%

0.00067

Низкий

4.3 Medium

CVSS3

Дефекты