CVE-2022-3999 - Missing Authorization vulnerability in Dpdgroup Woocommerce Shipping 1.2.11

047910
CVSS 8.1 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: HIGH
network
low complexity
dpdgroup
CWE-862

Summary

The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable.

Vulnerable Configurations

Part          Description   Count
Application   Dpdgroup      1

Common Weakness Enumeration (CWE)