CVE-2023-48274
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Dec 9, 2024
CWE ID 862
Summary
CVE-2023-48274 is a Missing Authorization vulnerability affecting WCMultiShipping, a plugin used in WooCommerce sites. The issue lies in WCMultiShipping's access control security, which can be exploited when configurations are incorrectly set. This vulnerability allows unauthorized access, potentially leading to data manipulation or unintended actions. Affected versions of WCMultiShipping range from none identified through 2.3.5. It is essential that users update to the latest patch or implement additional security measures to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share