Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:38 a.m.12 views

CVE-2023-2891

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...

6.5CVSS6.3AI score0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.11 views

CVE-2023-2891 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeleteproduct function. This makes it possible for unauthenticated attackers to delete products via a forged...

6.5CVSS6.6AI score0.00244EPSS
Exploits0References2
CVE
CVE
added 2023/06/09 5:33 a.m.44 views

CVE-2023-2891

CVE-2023-2891 affects the WP EasyCart WordPress plugin prior to version 5.4.9. The issue is a Cross-Site Request Forgery in the process_delete_product function due to missing nonce validation, allowing unauthenticated attackers to delete products via forged requests if they can trick an admin. Th...

6.5CVSS4.4AI score0.00244EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/29 12:0 a.m.10 views

WordPress WP EasyCart Plugin <= 5.4.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP EasyCart Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2891 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c204f4284cba Credits Alex Thomas Required...

6.5CVSS7AI score0.00244EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder