Wpeasycart

Wp Easycart

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-35667

  • EPSS 0.18%
  • Veröffentlicht 11.06.2024 15:16:08
  • Zuletzt bearbeitet 21.11.2024 09:20:37

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.

5.4

CVE-2024-32452

  • EPSS 0.12%
  • Veröffentlicht 15.04.2024 08:15:17
  • Zuletzt bearbeitet 21.11.2024 09:14:56

Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.

7.2

CVE-2023-3023

  • EPSS 0.21%
  • Veröffentlicht 12.07.2023 05:15:09
  • Zuletzt bearbeitet 21.11.2024 08:16:15

The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ...

4.3

CVE-2023-2893

  • EPSS 0.07%
  • Veröffentlicht 09.06.2023 07:15:10
  • Zuletzt bearbeitet 21.11.2024 07:59:30

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unau...

4.3

CVE-2023-2894

Medienbericht
  • EPSS 0.1%
  • Veröffentlicht 09.06.2023 07:15:10
  • Zuletzt bearbeitet 21.11.2024 07:59:30

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for...

4.3

CVE-2023-2895

  • EPSS 0.07%
  • Veröffentlicht 09.06.2023 07:15:10
  • Zuletzt bearbeitet 21.11.2024 07:59:30

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for u...

4.3

CVE-2023-2896

  • EPSS 0.07%
  • Veröffentlicht 09.06.2023 07:15:10
  • Zuletzt bearbeitet 21.11.2024 07:59:31

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unaut...

4.3

CVE-2023-2892

  • EPSS 0.07%
  • Veröffentlicht 09.06.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 07:59:30

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for una...

4.3

CVE-2023-2891

  • EPSS 0.07%
  • Veröffentlicht 09.06.2023 06:16:12
  • Zuletzt bearbeitet 21.11.2024 07:59:30

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthen...

7.2

CVE-2023-1124

Exploit
  • EPSS 0.43%
  • Veröffentlicht 03.04.2023 15:15:18
  • Zuletzt bearbeitet 14.02.2025 17:15:13

The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.