PT-2023-24439 · WordPress · Multiparcels Shipping For Woocommerce

Erwan Lr · Published 2023-08-21 · Updated 2024-10-03 · CVE-2023-3366

CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.15.2

Description

The issue allows attackers to make any logged-in user delete arbitrary shipments via a CSRF attack because the plugin does not have a CSRF check when deleting a shipment.

Recommendations

For versions prior to 1.15.2, update to version 1.15.2 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures for shipment deletion until the update can be applied.

Exploit

Fix

Related Identifiers

CVE-2023-3366

Affected Products

Multiparcels Shipping For Woocommerce