MEDIUM
richardperdaan
CVE published 2026-07-11
CVE-2026-8678
The MyParcel plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 4.25.1. Authenticated attackers with subscriber-level access can view and modify shipment options on any order, including carrier, delivery type, package type, number of labels, weight, signature requirement, and insurance. This vulnerability has a CVSS score of 4.3 and a severity of MEDIUM. Use [truncated]