PatchSiren

richardperdaan CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM richardperdaan CVE published 2026-07-11

CVE-2026-8678

The MyParcel plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 4.25.1. Authenticated attackers with subscriber-level access can view and modify shipment options on any order, including carrier, delivery type, package type, number of labels, weight, signature requirement, and insurance. This vulnerability has a CVSS score of 4.3 and a severity of MEDIUM. Use [truncated]