Report
The MultiParcels Shipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'get_history' function in versions up to, and including, 1.14.13. This makes it possible for authenticated attackers with subscriber-level permissions to delete arbitrary shipments.
Score:5.4
Severity:Medium
Version:< 1.14.14
There is a patch available in v1.14.14 and we strongly recommend you update to this version as soon as possible.
