EUVD-2023-34338

Malicious code in bioql PyPI...

EUVD-2023-34339

Malicious code in bioql PyPI...

EUVD-2023-34337

Malicious code in bioql PyPI...

EUVD-2023-34342

Malicious code in bioql PyPI...

CVE-2023-2894

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeactivateproduct function. This makes it possible for unauthenticated attackers to bulk deactivate...

CVE-2023-2892

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeleteproduct function. This makes it possible for unauthenticated attackers to bulk delete products via...

WordPress WP EasyCart Plugin <= 5.6.3 is vulnerable to SQL Injection

Software WP EasyCart Type Plugin Vulnerable versions = 5.6.3 Fixed in 5.6.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3211 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 68d2c07621df Credits Krzysztof Zając Required privilege Contributor Publish...

CVE-2023-3023

The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2023-2892 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_delete_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processbulkdeleteproduct function. This makes it possible for unauthenticated attackers to bulk delete products via...

CVE-2023-2893

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processdeactivateproduct function. This makes it possible for unauthenticated attackers to deactivate products via ...

CVE-2015-2673

The ecajaxupdateoption and ecajaxclearalltaxrates functions in inc/admin/adminajaxfunctions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the optionname and optionvalue parameters...

CVE-2015-2673

CVE-2015-2673 affects the WordPress WP EasyCart plugin (versions 1.1.30–3.0.20). The vulnerability resides in ec_ajax_update_option and ec_ajax_clear_all_taxrates in inc/admin/admin_ajax_functions.php, where lack of input validation allows authenticated users to modify any system option, enabling...

Unrestricted file upload

Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart aka WordPress Shopping Cart plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...