4 matches found
CVE-2023-2891
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...
CVE-2023-2891 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...
CVE-2023-2891
CVE-2023-2891 affects the WP EasyCart WordPress plugin prior to version 5.4.9. The issue is a Cross-Site Request Forgery in the process_delete_product function due to missing nonce validation, allowing unauthenticated attackers to delete products via forged requests if they can trick an admin. Th...
WordPress WP EasyCart Plugin <= 5.4.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP EasyCart Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2891 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c204f4284cba Credits Alex Thomas Required...