Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-2892
HistoryJun 09, 2023 - 7:15 a.m.

Cross site request forgery (csrf)

2023-06-0907:15:00
PRIOn knowledge base
www.prio-n.com
3
cross-site request forgery
vulnerability
wp easycart
wordpress
nonce validation
unauthenticated attackers
bulk delete products

4.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CPENameOperatorVersion
wp_easycartle5.4.8

4.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

Related for PRION:CVE-2023-2892