Vulnerabilities and security researches formultiparcels-shipping-for-woocommerce multiparcels-shipping-for-woocommerce

Jun 06, 2024

CVE, Research URL: CVE-2024-32095
Home page URL: Security reports for MultiParcels Shipping For WooCommerce
Application: MultiParcels Shipping For WooCommerce
Date: Apr 15, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in MultiParcels MultiParcels Shipping For WooCommerce.This issue affects MultiParcels Shipping For WooCommerce: from n/a before 1.16.9.
Affected versions: max 1.16.9.
Status: vulnerable

CVE, Research URL: CVE-2023-3365
Home page URL: Security reports for MultiParcels Shipping For WooCommerce
Application: MultiParcels Shipping For WooCommerce
Date: Aug 07, 2023
Research Description: The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment
Affected versions: max 1.14.14.
Status: vulnerable

CVE, Research URL: CVE-2023-3671
Home page URL: Security reports for MultiParcels Shipping For WooCommerce
Application: MultiParcels Shipping For WooCommerce
Date: Aug 07, 2023
Research Description: The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions: max 1.15.4.
Status: vulnerable

CVE, Research URL: CVE-2023-2843
Home page URL: Security reports for MultiParcels Shipping For WooCommerce
Application: MultiParcels Shipping For WooCommerce
Date: Aug 07, 2023
Research Description: The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.
Affected versions: max 1.15.8.
Status: vulnerable

CVE, Research URL: CVE-2023-3954
Home page URL: Security reports for MultiParcels Shipping For WooCommerce
Application: MultiParcels Shipping For WooCommerce
Date: Aug 21, 2023
Research Description: The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions: Min 1.15.2, max 1.15.3.
Status: vulnerable

CVE, Research URL: CVE-2023-3366
Home page URL: Security reports for MultiParcels Shipping For WooCommerce
Application: MultiParcels Shipping For WooCommerce
Date: Aug 21, 2023
Research Description: The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack
Affected versions: max 1.15.2.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-62995
Home page URL: Security reports for MultiParcels Shipping For WooCommerce
Application: MultiParcels Shipping For WooCommerce
Date: Dec 09, 2025
Research Description: Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through <= 1.30.12.
Affected versions: max 1.30.12.
Status: vulnerable