Vulnerabilities > CVE-2023-3366 - Unspecified vulnerability in Multiparcels Shipping for Woocommerce
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack