23 matches found
Shopping Cart & eCommerce Store < 5.2.5 - Arbitrary Design Settings Update via CSRF
The plugin is lacking CSRF checks in various AJAX actions, such as ecadminajaxsavedesignsettings, which could allow attackers to make a logged in admin update arbitrary settings To disable the Live Design Editor To set the custom CSS setting to body background-color: red;...
Cross site request forgery (csrf)
The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the savecurrencysettings function found in the /admin/inc/wpeasycartadmininitialsetup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0...
WordPress plugin Shopping Cart & eCommerce Store 跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. Cross-site request forgery vulnerability exists in...