Vulnerability Details CVE-2023-0865
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.7%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-0865
-
Woocommerce Multiple Customer Addresses & Shipping Project » Woocommerce Multiple Customer Addresses & Shipping » Version: N/Acpe:2.3:a:woocommerce_multiple_customer_addresses_&_shipping_project:woocommerce_multiple_customer_addresses_&_shipping:-