Lucene search
K

43 matches found

Patchstack
Patchstack
added 2024/05/10 12:0 a.m.13 views

WordPress WP EasyCart Plugin <= 5.6.4 is vulnerable to Sensitive Data Exposure

Software WP EasyCart Type Plugin Vulnerable versions = 5.6.4 Fixed in 5.6.5 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4213 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 947585bf2bdc Credits rptl Required privilege...

5.3CVSS6.5AI score0.00496EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/04/15 12:0 a.m.6 views

WordPress WP EasyCart Plugin <= 5.6.3 is vulnerable to SQL Injection

Software WP EasyCart Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3211 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 68d2c07621df Credits Krzysztof Zając Required privilege Contributor Publish...

8.8CVSS7.2AI score0.00561EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/04/12 4:44 p.m.4 views

WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin WP EasyCart versions = 5.5.19...

5.4CVSS7AI score0.00209EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/07/12 5:15 a.m.7 views

CVE-2023-3023

The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.2CVSS7.3AI score0.00707EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/12 4:38 a.m.21 views

CVE-2023-3023

The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.2CVSS7.6AI score0.00707EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.9 views

WordPress Plugin WP EasyCart SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP EasyCar...

7.2CVSS7.8AI score0.00707EPSS
Exploits0References3
NVD
NVD
added 2023/06/09 7:15 a.m.24 views

CVE-2023-2893

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

4.3CVSS4.1AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2023/06/09 7:15 a.m.3 views

CVE-2023-2893

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

4.3CVSS6.5AI score0.00241EPSS
Exploits0References2
Prion
Prion
added 2023/06/09 7:15 a.m.23 views

Cross site request forgery (csrf)

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...

4.3CVSS4.1AI score0.00241EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/06/09 7:15 a.m.26 views

Cross site request forgery (csrf)

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

4.3CVSS4.1AI score0.00241EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 6:48 a.m.28 views

CVE-2023-2892 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_delete_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeleteproduct function. This makes it possible for unauthenticated attackers to bulk delete products via...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/06/09 6:48 a.m.19 views

CVE-2023-2893

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

4.3CVSS6.5AI score0.00241EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.9 views

PT-2023-22038 · WordPress · Wp Easycart

Name of the Vulnerable Software and Affected Versions: WP EasyCart plugin for WordPress versions up to, and including, 5.4.8 Description: The issue is due to missing or incorrect nonce validation on the process bulk delete product function, making it possible for unauthenticated attackers to bulk...

6.5CVSS5.3AI score0.00232EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.5 views

PT-2023-22049 · Unknown · Wp Easycart

Name of the Vulnerable Software and Affected Versions: WP EasyCart plugin for WordPress versions up to, and including, 5.4.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the process bulk activate product function. This allows...

4.3CVSS5.2AI score0.00241EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.7 views

WordPress plugin WP EasyCart 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS6.2AI score0.00241EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/05/29 12:0 a.m.16 views

WordPress WP EasyCart Plugin <= 5.4.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP EasyCart Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2896 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 38d3a2d175fc Credits Alex Thomas Required...

4.3CVSS7AI score0.00241EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/12/27 12:0 a.m.13 views

WP EasyCart Plugin for WordPress < 3.0.9 Unrestricted File Upload

The WordPress WP EasyCart Plugin installed on the remote host is affected by an Unrestricted File Upload. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

6.5CVSS7.4AI score0.51617EPSS
Exploits7References2
CNVD
CNVD
added 2017/10/17 12:0 a.m.7 views

Wordpress WP EasyCart Plugin Information Disclosure Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WP EasyCart aka WordPress Shopping Cart is one of the shopping cart plug-ins. Wordpress WP EasyCart plugin version...

8.8CVSS8.6AI score0.18932EPSS
Exploits4References1
NVD
NVD
added 2017/10/06 10:29 p.m.21 views

CVE-2015-2673

The ecajaxupdateoption and ecajaxclearalltaxrates functions in inc/admin/adminajaxfunctions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the optionname and optionvalue parameters...

8.8CVSS9.1AI score0.18932EPSS
Exploits4References1
CVE
CVE
added 2017/10/06 10:0 p.m.47 views

CVE-2015-2673

CVE-2015-2673 affects the WordPress WP EasyCart plugin (versions 1.1.30–3.0.20). The vulnerability resides in ec_ajax_update_option and ec_ajax_clear_all_taxrates in inc/admin/admin_ajax_functions.php, where lack of input validation allows authenticated users to modify any system option, enabling...

8.8CVSS9.1AI score0.18932EPSS
Exploits4References1Affected Software1
Rows per page
Query Builder