cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-3366,https://securityvulnerability.io/vulnerability/CVE-2023-3366,MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF,"The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack",Wordpress,Multiparcels Shipping For WooCommerce,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-08-21T17:15:00.000Z,0
CVE-2023-3954,https://securityvulnerability.io/vulnerability/CVE-2023-3954,MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS,"The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,MultiParcels Shipping For WooCommerce,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2023-08-21T17:15:00.000Z,0
CVE-2023-2843,https://securityvulnerability.io/vulnerability/CVE-2023-2843,MultiParcels Shipping For WooCommerce < 1.14.15 - Subscribers+ SQLi,"The MultiParcels Shipping for WooCommerce plugin for WordPress, prior to version 1.14.15, contains a vulnerability where user inputs are not adequately sanitized and escaped before being used in SQL statements. This oversight permits authenticated users, including those with subscriber roles, to execute SQL injection attacks. Such attacks could compromise the security of the database and lead to unauthorized data access or manipulation.",Wordpress,Multiparcels Shipping For WooCommerce,8.8,HIGH,0.0008500000112690032,false,,false,false,false,,false,false,2023-08-07T15:15:00.000Z,0
CVE-2023-3365,https://securityvulnerability.io/vulnerability/CVE-2023-3365,MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion,"The MultiParcels Shipping For WooCommerce plugin before version 1.14.14 is susceptible to an authorization vulnerability that allows any authenticated user, including subscribers, to delete arbitrary shipments. This flaw can lead to unauthorized removal of shipment data, potentially affecting ecommerce operations and user trust.",Wordpress,Multiparcels Shipping For WooCommerce,8.1,HIGH,0.0005699999746866524,false,,false,false,false,,false,false,2023-08-07T15:15:00.000Z,0
CVE-2023-3671,https://securityvulnerability.io/vulnerability/CVE-2023-3671,MultiParcels Shipping For WooCommerce < 1.15.4 - Reflected XSS,"The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,MultiParcels Shipping For WooCommerce,6.1,MEDIUM,0.0007300000288523734,false,,false,false,false,,false,false,2023-08-07T15:15:00.000Z,0