5 matches found
CVE-2023-2896
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processduplicateproduct function. This makes it possible for unauthenticated attackers to duplicate products via a...
CVE-2023-2896
CVE-2023-2896 affects the WP EasyCart WordPress plugin up to version 5.4.8. Root cause: missing or incorrect nonce validation in the process_duplicate_product function, enabling CSRF where unauthenticated attackers can induce a site admin to duplicate products via forged requests. Impact per sour...
CVE-2023-2896 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_duplicate_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processduplicateproduct function. This makes it possible for unauthenticated attackers to duplicate products via a...
CVE-2023-2896 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_duplicate_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processduplicateproduct function. This makes it possible for unauthenticated attackers to duplicate products via a...
WordPress WP EasyCart Plugin <= 5.4.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP EasyCart Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2896 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 38d3a2d175fc Credits Alex Thomas Required...