Skip to main content

Wcmultishipping

1 CVEs product

Monthly

CVE-2026-52700 HIGH This Week

SQL injection in the WCMultiShipping WordPress plugin (Mondial Relay & Chronopost for WooCommerce) versions 3.0.2 and earlier allows authenticated users holding only the low-privilege Subscriber role to inject arbitrary SQL into backend queries. The scope-changed CVSS 8.5 reflects high confidentiality impact across security boundaries, and no public exploit identified at time of analysis. Disclosure originates from Patchstack's WordPress vulnerability database.

SQLi Wcmultishipping
NVD
CVSS 3.1
8.5
EPSS
0.3%
EPSS 0% CVSS 8.5
HIGH This Week

SQL injection in the WCMultiShipping WordPress plugin (Mondial Relay & Chronopost for WooCommerce) versions 3.0.2 and earlier allows authenticated users holding only the low-privilege Subscriber role to inject arbitrary SQL into backend queries. The scope-changed CVSS 8.5 reflects high confidentiality impact across security boundaries, and no public exploit identified at time of analysis. Disclosure originates from Patchstack's WordPress vulnerability database.

SQLi Wcmultishipping
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy