4 matches found
CVE-2023-2893
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...
CVE-2023-2893
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...
CVE-2023-2893 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_deactivate_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...
CVE-2023-2893
CVE-2023-2893 affects the WP EasyCart WordPress plugin up to version 5.4.8. Root cause: missing or incorrect nonce validation in the process_deactivate_product function enables CSRF, allowing unauthenticated attackers to deactivate products via forged admin actions. Impact: potential unauthorized...