151 matches found
Cross site request forgery (csrf)
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeleteproduct function. This makes it possible for unauthenticated attackers to bulk delete products via...
Cross site request forgery (csrf)
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkactivateproduct function. This makes it possible for unauthenticated attackers to bulk activate products...
Cross site request forgery (csrf)
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...
Cross site request forgery (csrf)
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...
CVE-2023-2892
CVE-2023-2892 affects the WP EasyCart WordPress plugin (versions up to 5.4.8). Root cause: missing/incorrect nonce validation in the process_bulk_delete_product function, enabling CSRF to bulk-delete products via forged requests if an admin is tricked into clicking a link. Public details confirm ...
CVE-2023-2892 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_delete_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeleteproduct function. This makes it possible for unauthenticated attackers to bulk delete products via...
CVE-2023-2892 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_delete_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeleteproduct function. This makes it possible for unauthenticated attackers to bulk delete products via...
CVE-2023-2894
CVE-2023-2894 affects WP EasyCart for WordPress (
CVE-2023-2894 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_deactivate_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...
CVE-2023-2893
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...
CVE-2023-2893
CVE-2023-2893 affects the WP EasyCart WordPress plugin up to version 5.4.8. Root cause: missing or incorrect nonce validation in the process_deactivate_product function enables CSRF, allowing unauthenticated attackers to deactivate products via forged admin actions. Impact: potential unauthorized...
CVE-2023-2896
CVE-2023-2896 affects the WP EasyCart WordPress plugin up to version 5.4.8. Root cause: missing or incorrect nonce validation in the process_duplicate_product function, enabling CSRF where unauthenticated attackers can induce a site admin to duplicate products via forged requests. Impact per sour...
CVE-2023-2896 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_duplicate_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processduplicateproduct function. This makes it possible for unauthenticated attackers to duplicate products via a...
CVE-2023-2895
CVE-2023-2895 (WP EasyCart for WordPress) is a CSRF vulnerability affecting versions up to and including 5.4.8. Root cause: missing/incorrect nonce validation in the process_bulk_activate_product function allows unauthenticated attackers to bulk-activate products via forged requests, e.g., tricki...
CVE-2023-2895 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_activate_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkactivateproduct function. This makes it possible for unauthenticated attackers to bulk activate products...
CVE-2023-2891
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...
CVE-2023-2891
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...
Cross site request forgery (csrf)
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...
CVE-2023-2891 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...
CVE-2023-2891
CVE-2023-2891 affects the WP EasyCart WordPress plugin prior to version 5.4.9. The issue is a Cross-Site Request Forgery in the process_delete_product function due to missing nonce validation, allowing unauthenticated attackers to delete products via forged requests if they can trick an admin. Th...