CVE-2023-2843 Information

Description

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement which could allow any authenticated users such as subscribers to perform SQL Injection attacks.

Reference

https://wpscan.com/vulnerability/8e713eaf-f332-47e2-a131-c14222201fdc