WordPress Plugin Vulnerabilities

MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF

Description

The plugin does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack

Proof of Concept

Make any logged in user open https://example.com/wp-admin/admin-post.php?action=multiparcels_delete_shipping&id=1 to make them delete the shipment with ID 1

Affects Plugins

Plugin icon
multiparcels-shipping-for-woocommerce
Fixed in 1.15.2

References

CVE
CVE-2023-3366

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
b2f06223-9352-4227-ae94-32061e2c5611

Timeline

Publicly Published
2023-07-31 (about 10 months ago)
Added
2023-07-31 (about 10 months ago)
Last Updated
2023-07-31 (about 10 months ago)

Other

Published
Title
Published
2023-10-19
Title
Webpushr < 4.35.0 - LFI via CSRF
Published
2024-03-13
Title
Super Page Cache for Cloudflare < 4.7.6 - Cross-Site Request Forgery
Published
2023-08-17
Title
Simple Org Chart <= 2.3.4 - Settings Update via CSRF
Published
2023-12-27
Title
Quiz And Survey Master < 8.1.19 - Quiz Results Deletion via CSRF
Published
2023-09-20
Title
Inactive Logout < 3.2.3 - Cross-Site Request Forgery