Lucene search
+L

151 matches found

CVE
CVE
added 2024/04/15 7:49 a.m.55 views

CVE-2024-32452

Technical details about CVE-2024-32452 are not provided in the connected documents. No vendor/product/version/root-cause/impact/patch details are present here. Monitor for updates from official advisories.

5.4CVSS5.1AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/15 7:49 a.m.19 views

CVE-2024-32452 WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19...

5.4CVSS5.8AI score0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/15 7:49 a.m.11 views

CVE-2024-32452 WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19...

5.4CVSS7AI score0.00209EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/15 12:0 a.m.7 views

WordPress WP EasyCart Plugin <= 5.6.3 is vulnerable to SQL Injection

Software WP EasyCart Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3211 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 68d2c07621df Credits Krzysztof Zając Required privilege Contributor Publish...

8.8CVSS7.2AI score0.00561EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.7 views

PT-2024-24583 · Unknown · Wp Easycart

Name of the Vulnerable Software and Affected Versions: WP EasyCart versions through 5.5.19 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user...

5.4CVSS6.5AI score0.00209EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/12 4:44 p.m.5 views

WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin WP EasyCart versions = 5.5.19...

5.4CVSS7AI score0.00209EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/12 12:0 a.m.13 views

WordPress WP EasyCart Plugin <= 5.5.19 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP EasyCart Type Plugin Vulnerable versions = 5.5.19 Fixed in 5.6.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32452 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 56a419e0594b Credits Dhabaleshwar Das...

5.4CVSS7AI score0.00209EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/12 5:15 a.m.7 views

CVE-2023-3023

The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.2CVSS7.3AI score0.00707EPSS
Exploits0References2
Prion
Prion
added 2023/07/12 5:15 a.m.22 views

Sql injection

The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

5.8CVSS7AI score0.00707EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/12 4:38 a.m.22 views

CVE-2023-3023

The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.2CVSS7.6AI score0.00707EPSS
Exploits0References2
CVE
CVE
added 2023/07/12 4:38 a.m.43 views

CVE-2023-3023

CVE-2023-3023 concerns the WP EasyCart WordPress plugin. The vulnerability is a time-based SQL Injection via the vulnerable parameter “orderby” in versions up to and including 5.4.10, caused by insufficient escaping of user input and lack of proper SQL query preparation. This can allow an authent...

7.2CVSS7AI score0.00707EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.9 views

WordPress Plugin WP EasyCart SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP EasyCar...

7.2CVSS7.8AI score0.00707EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/06/12 12:0 a.m.12 views

WordPress WP EasyCart Plugin <= 5.4.10 is vulnerable to SQL Injection

Software WP EasyCart Type Plugin Vulnerable versions = 5.4.10 Fixed in 5.4.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-3023 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7fe998afdaf8 Credits Alex Thomas Required privilege Administrator Publish...

7.2CVSS6.8AI score0.00707EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/06/09 7:15 a.m.2 views

CVE-2023-2896

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processduplicateproduct function. This makes it possible for unauthenticated attackers to duplicate products via a...

4.3CVSS6.7AI score0.00241EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/09 7:15 a.m.6 views

CVE-2023-2895

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkactivateproduct function. This makes it possible for unauthenticated attackers to bulk activate products...

4.3CVSS6.7AI score0.00241EPSS
Exploits0References3
NVD
NVD
added 2023/06/09 7:15 a.m.32 views

CVE-2023-2894

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...

4.3CVSS4.1AI score0.00241EPSS
Exploits0References2
NVD
NVD
added 2023/06/09 7:15 a.m.26 views

CVE-2023-2893

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

4.3CVSS4.1AI score0.00241EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/09 7:15 a.m.3 views

CVE-2023-2894

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...

4.3CVSS6.7AI score0.00241EPSS
Exploits0References3
OSV
OSV
added 2023/06/09 7:15 a.m.4 views

CVE-2023-2893

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

4.3CVSS6.5AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2023/06/09 7:15 a.m.7 views

CVE-2023-2896

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processduplicateproduct function. This makes it possible for unauthenticated attackers to duplicate products via a...

4.3CVSS6.5AI score0.00241EPSS
Exploits0References2
Rows per page
Query Builder