2 matches found
CVE-2023-2894
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...
CVE-2023-2894 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_deactivate_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...