151 matches found
CVE-2024-32452
Technical details about CVE-2024-32452 are not provided in the connected documents. No vendor/product/version/root-cause/impact/patch details are present here. Monitor for updates from official advisories.
CVE-2024-32452 WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19...
CVE-2024-32452 WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19...
WordPress WP EasyCart Plugin <= 5.6.3 is vulnerable to SQL Injection
Software WP EasyCart Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3211 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 68d2c07621df Credits Krzysztof Zając Required privilege Contributor Publish...
PT-2024-24583 · Unknown · Wp Easycart
Name of the Vulnerable Software and Affected Versions: WP EasyCart versions through 5.5.19 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user...
WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin WP EasyCart versions = 5.5.19...
WordPress WP EasyCart Plugin <= 5.5.19 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP EasyCart Type Plugin Vulnerable versions = 5.5.19 Fixed in 5.6.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32452 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 56a419e0594b Credits Dhabaleshwar Das...
CVE-2023-3023
The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Sql injection
The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-3023
The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-3023
CVE-2023-3023 concerns the WP EasyCart WordPress plugin. The vulnerability is a time-based SQL Injection via the vulnerable parameter “orderby” in versions up to and including 5.4.10, caused by insufficient escaping of user input and lack of proper SQL query preparation. This can allow an authent...
WordPress Plugin WP EasyCart SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP EasyCar...
WordPress WP EasyCart Plugin <= 5.4.10 is vulnerable to SQL Injection
Software WP EasyCart Type Plugin Vulnerable versions = 5.4.10 Fixed in 5.4.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-3023 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7fe998afdaf8 Credits Alex Thomas Required privilege Administrator Publish...
CVE-2023-2896
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processduplicateproduct function. This makes it possible for unauthenticated attackers to duplicate products via a...
CVE-2023-2895
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkactivateproduct function. This makes it possible for unauthenticated attackers to bulk activate products...
CVE-2023-2894
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...
CVE-2023-2893
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...
CVE-2023-2894
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...
CVE-2023-2893
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...
CVE-2023-2896
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processduplicateproduct function. This makes it possible for unauthenticated attackers to duplicate products via a...