The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/e39c0171-ed4a-4143-9a31-c407e3555eec | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/e39c0171-ed4a-4143-9a31-c407e3555eec | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:37
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/e39c0171-ed4a-4143-9a31-c407e3555eec - Exploit, Third Party Advisory |
23 Mar 2023, 19:05
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://wpscan.com/vulnerability/e39c0171-ed4a-4143-9a31-c407e3555eec - Exploit, Third Party Advisory | |
| CPE | cpe:2.3:a:woocommerce_multiple_customer_addresses_\&_shipping_project:woocommerce_multiple_customer_addresses_\&_shipping:*:*:*:*:*:wordpress:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
20 Mar 2023, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-03-20 16:15
Updated : 2024-11-21 07:37
NVD link : CVE-2023-0865
Mitre link : CVE-2023-0865
CVE.ORG link : CVE-2023-0865
JSON object : View
Products Affected
woocommerce_multiple_customer_addresses_\&_shipping_project
- woocommerce_multiple_customer_addresses_\&_shipping
CWE
No CWE.