RSS   Vulnerabilities for 'Eshop'   RSS

2019-09-25
 
CVE-2015-9413

CWE-352
 

 
The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.

 
2017-07-21
 
CVE-2015-3421

 

 
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.

 


Copyright 2024, cxsecurity.com

 

Back to Top