This vulnerability is a CSRF issue in the MultiParcels Shipping For WooCommerce plugin prior to version 1.16.9. It allows attackers to induce authenticated users to execute unintended actions by leveraging the lack of proper request validation. The CVSS 3.1 score is 4.3, reflecting a network attack vector, low complexity, no privileges required, user interaction needed, unchanged scope, no confidentiality impact, limited integrity impact, and no availability impact. There is no vendor-provided patch or official remediation level at this time.

The impact is limited to potential integrity issues caused by unauthorized actions performed through CSRF attacks. There is no impact on confidentiality or availability. Since no known exploits are reported, the immediate risk appears moderate but could increase if exploitation techniques emerge.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider implementing CSRF protections such as verifying request origins or using security plugins that add CSRF tokens. Avoid clicking on suspicious links while authenticated in the affected plugin environment.