WordPress Plugin Vulnerabilities

WooCommerce Ship to Multiple Addresses < 3.8.10 - Missing Authorization

Description

The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to unauthorized action due to a missing capability check on a function in versions up to, and including, 3.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
woocommerce-shipping-multiple-addresses
Fixed in 3.8.10

References

CVE
CVE-2023-51497
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/63ab255f-e061-447b-a2b6-21a85eed9d57

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
e44bb066-3883-4f78-ade2-525b9a57965d

Timeline

Publicly Published
2023-12-27 (about 2 years ago)
Added
2024-01-04 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-09-22
Title
CardCom Payment Gateway <= 3.5.0.5 - Missing Authorization
Published
2025-09-23
Title
Houzez Theme - Functionality < 4.1.4 - Missing Authorization
Published
2026-03-01
Title
VW Education Lite < 2.2.1 - Missing Authorization
Published
2025-10-12
Title
Masterstudy Elementor Widgets < 1.2.5 - Missing Authorization
Published
2025-12-08
Title
Email Capture < 3.12.5 - Missing Authorization