CVE-2023-48274 MEDIUM

CVE-2023-48274: WordPress WCMultiShipping plugin <= 2.3.5 - Broken Access Control vulnerability

Vendor Mondial Relay Woocommerce - Wcmultishipping
Product WCMultiShipping
Weakness CWE-862 · Missing authorization
Published December 9, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Missing Authorization vulnerability in Mondial Relay WooCommerce - WCMultiShipping WCMultiShipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCMultiShipping: from n/a through 2.3.5.

Key dates

02Disclosure timeline

December 9, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-43956 WordPress MemberPress plugin <= 1.11.34 - Broken Access Control vulnerability CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage CVE-2024-12341 Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation CVE-2025-48337 WordPress QuickCab plugin <= 1.3.3 - Broken Access Control vulnerability CVE-2023-41875 WordPress WP Directory Kit plugin <= 1.2.6 - Broken Access Control vulnerability