Back to search
CVE-2023-0865
Published: Mar 20, 2023
Modified: Feb 26, 2025
PUBLISHED
Description
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users.
| Vendor | Product | Versions |
|---|---|---|
Unknown | WooCommerce Multiple Customer Addresses & Shipping | affected 0 - < 21.7 |
References
https://wpscan.com/vulnerability/e39c0171-ed4a-4143-9a31-c407e3555eec
exploit
vdb-entry
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now