The plugin does not properly escape the user-supplied ‘orderby’ parameter and does not adequately prepare its SQL queries. Attacker-controlled input can therefore be appended to existing SQL queries, potentially leading to the extraction of sensitive data from the database.
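As an added example (not code from the EasyCart plugin), the pattern that makes an unescaped ‘orderby’ parameter dangerous next to an allowlist-based fix; the column names are assumed for illustration:

```php
<?php
// Added example, not the plugin's own code. Column names are hypothetical.
//
// $wpdb->prepare() parameterises *values* only; it cannot parameterise an
// identifier such as an ORDER BY column. So an "orderby" request parameter
// that is dropped straight into the query string is embedded verbatim, which
// is the pattern described in the advisory.

// Vulnerable pattern: the request value becomes part of the SQL unchanged.
function build_order_clause_vulnerable(string $orderby, string $order): string {
    return "ORDER BY {$orderby} {$order}";
}

// Hardened pattern: map the request values onto a fixed allowlist of
// columns and directions and fall back to a safe default on anything else.
function build_order_clause_safe(string $orderby, string $order): string {
    $allowed_columns = ['product_id', 'product_name', 'product_price', 'created_at'];
    $allowed_order   = ['ASC', 'DESC'];

    $column    = in_array($orderby, $allowed_columns, true) ? $orderby : 'product_id';
    $direction = strtoupper($order);
    $direction = in_array($direction, $allowed_order, true) ? $direction : 'ASC';

    // Backticks quote the identifier; they are safe here only because
    // $column is guaranteed to be one of the allowlisted names.
    return "ORDER BY `{$column}` {$direction}";
}

// Constructed request values: one legitimate, one that is not a column name.
$requests = [
    ['product_price', 'desc'],
    ['not_a_column',  'sideways'],
];

foreach ($requests as [$orderby, $order]) {
    echo "vulnerable: " . build_order_clause_vulnerable($orderby, $order) . PHP_EOL;
    echo "hardened:   " . build_order_clause_safe($orderby, $order) . PHP_EOL;
}
// Expected: the vulnerable builder echoes "not_a_column sideways" into the
// SQL untouched; the hardened builder yields "ORDER BY `product_id` ASC".
//
// WordPress core also ships sanitize_sql_orderby() as a format check on an
// ORDER BY fragment; an explicit allowlist of known columns is the stricter
// control and is what a reviewer should look for in a fix.
```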
Affected product (CPE):

| Name | Operator | Version |
|---|---|---|
| wp-easycart | lt | 5.4.11 |