Wcmultishipping
Monthly
SQL injection in the WCMultiShipping WordPress plugin (Mondial Relay & Chronopost for WooCommerce) versions 3.0.2 and earlier allows authenticated users holding only the low-privilege Subscriber role to inject arbitrary SQL into backend queries. The scope-changed CVSS 8.5 reflects high confidentiality impact across security boundaries, and no public exploit identified at time of analysis. Disclosure originates from Patchstack's WordPress vulnerability database.
SQL injection in the WCMultiShipping WordPress plugin (Mondial Relay & Chronopost for WooCommerce) versions 3.0.2 and earlier allows authenticated users holding only the low-privilege Subscriber role to inject arbitrary SQL into backend queries. The scope-changed CVSS 8.5 reflects high confidentiality impact across security boundaries, and no public exploit identified at time of analysis. Disclosure originates from Patchstack's WordPress vulnerability database.