Lucene search
K

151 matches found

Prion
Prion
added 2023/06/09 7:15 a.m.25 views

Cross site request forgery (csrf)

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeleteproduct function. This makes it possible for unauthenticated attackers to bulk delete products via...

4.3CVSS4.1AI score0.00232EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/06/09 7:15 a.m.19 views

Cross site request forgery (csrf)

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkactivateproduct function. This makes it possible for unauthenticated attackers to bulk activate products...

4.3CVSS4.1AI score0.00241EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/06/09 7:15 a.m.24 views

Cross site request forgery (csrf)

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...

4.3CVSS4.1AI score0.00241EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/06/09 7:15 a.m.26 views

Cross site request forgery (csrf)

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

4.3CVSS4.1AI score0.00241EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/06/09 6:48 a.m.47 views

CVE-2023-2892

CVE-2023-2892 affects the WP EasyCart WordPress plugin (versions up to 5.4.8). Root cause: missing/incorrect nonce validation in the process_bulk_delete_product function, enabling CSRF to bulk-delete products via forged requests if an admin is tricked into clicking a link. Public details confirm ...

6.5CVSS4.4AI score0.00232EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 6:48 a.m.28 views

CVE-2023-2892 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_delete_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeleteproduct function. This makes it possible for unauthenticated attackers to bulk delete products via...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/09 6:48 a.m.28 views

CVE-2023-2892 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_delete_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeleteproduct function. This makes it possible for unauthenticated attackers to bulk delete products via...

6.5CVSS6.2AI score0.00232EPSS
Exploits0References2
CVE
CVE
added 2023/06/09 6:48 a.m.59 views

CVE-2023-2894

CVE-2023-2894 affects WP EasyCart for WordPress (

4.3CVSS4.4AI score0.00241EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 6:48 a.m.12 views

CVE-2023-2894 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_deactivate_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...

4.3CVSS6.6AI score0.00241EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/06/09 6:48 a.m.19 views

CVE-2023-2893

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

4.3CVSS6.5AI score0.00241EPSS
Exploits0References2
CVE
CVE
added 2023/06/09 6:48 a.m.53 views

CVE-2023-2893

CVE-2023-2893 affects the WP EasyCart WordPress plugin up to version 5.4.8. Root cause: missing or incorrect nonce validation in the process_deactivate_product function enables CSRF, allowing unauthenticated attackers to deactivate products via forged admin actions. Impact: potential unauthorized...

4.3CVSS4.4AI score0.00241EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/06/09 6:48 a.m.58 views

CVE-2023-2896

CVE-2023-2896 affects the WP EasyCart WordPress plugin up to version 5.4.8. Root cause: missing or incorrect nonce validation in the process_duplicate_product function, enabling CSRF where unauthenticated attackers can induce a site admin to duplicate products via forged requests. Impact per sour...

4.3CVSS4.4AI score0.00241EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 6:48 a.m.14 views

CVE-2023-2896 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_duplicate_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processduplicateproduct function. This makes it possible for unauthenticated attackers to duplicate products via a...

4.3CVSS6.6AI score0.00241EPSS
Exploits0References2
CVE
CVE
added 2023/06/09 6:48 a.m.44 views

CVE-2023-2895

CVE-2023-2895 (WP EasyCart for WordPress) is a CSRF vulnerability affecting versions up to and including 5.4.8. Root cause: missing/incorrect nonce validation in the process_bulk_activate_product function allows unauthenticated attackers to bulk-activate products via forged requests, e.g., tricki...

4.3CVSS4.4AI score0.00241EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/06/09 6:48 a.m.28 views

CVE-2023-2895 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_activate_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkactivateproduct function. This makes it possible for unauthenticated attackers to bulk activate products...

4.3CVSS4.5AI score0.00241EPSS
Exploits0References2
NVD
NVD
added 2023/06/09 6:16 a.m.18 views

CVE-2023-2891

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...

6.5CVSS6AI score0.00244EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.3 views

CVE-2023-2891

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...

6.5CVSS6.7AI score0.00244EPSS
Exploits0References3
Prion
Prion
added 2023/06/09 6:16 a.m.19 views

Cross site request forgery (csrf)

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...

4.3CVSS4.1AI score0.00244EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.11 views

CVE-2023-2891 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...

6.5CVSS6.6AI score0.00244EPSS
Exploits0References2
CVE
CVE
added 2023/06/09 5:33 a.m.44 views

CVE-2023-2891

CVE-2023-2891 affects the WP EasyCart WordPress plugin prior to version 5.4.9. The issue is a Cross-Site Request Forgery in the process_delete_product function due to missing nonce validation, allowing unauthenticated attackers to delete products via forged requests if they can trick an admin. Th...

6.5CVSS4.4AI score0.00244EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder