Vulnerability CVE-2022-3999
Published: 2022-12-12

Description:
The WooCommerce Shipping WordPress plugin through 1.2.11 does not have authorisation and CRSF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable.

Type:

CWE-862

 (Missing Authorization)

 References:
https://wpscan.com/vulnerability/625ae924-68db-4579-a34f-e6f33aa33643
Copyright 2026, cxsecurity.com

 

Back to Top