PatchSiren cyber security CVE debrief
CVE-2026-52700 WcMultishipping – Mondial Relay & Chronopost for Wooommerce CVE debrief
CVE-2026-52700 is a HIGH severity vulnerability (CVSS Score: 8.5) affecting WCMultiShipping plugin versions <= 3.0.2. The vulnerability allows Subscriber SQL Injection attacks, potentially enabling attackers to manipulate database queries. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
- Vendor
- WcMultishipping – Mondial Relay & Chronopost for Wooommerce
- Product
- WCMultiShipping
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of WCMultiShipping plugin versions <= 3.0.2 should apply patches or mitigations to prevent Subscriber SQL Injection attacks.
Technical summary
The vulnerability is caused by inadequate input validation and sanitization in the WCMultiShipping plugin, allowing attackers to inject malicious SQL code. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to WCMultiShipping plugin versions <= 3.0.2.
- Implement additional security measures, such as input validation and sanitization, to prevent SQL Injection attacks.
Evidence notes
The vulnerability was reported by Patchstack (see resourceLinkAnnotations 'ref-4').
Official resources
-
CVE-2026-52700 CVE record
CVE.org
-
CVE-2026-52700 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-52700 was published on 2026-06-15T21:17:24.620Z and last modified on 2026-06-15T21:24:32.790Z.