Wpeasycart

Wp Easycart

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-35667

  • EPSS 0.18%
  • Published 11.06.2024 15:16:08
  • Last modified 21.11.2024 09:20:37

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.

5.4

CVE-2024-32452

  • EPSS 0.12%
  • Published 15.04.2024 08:15:17
  • Last modified 21.11.2024 09:14:56

Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.

7.2

CVE-2023-3023

  • EPSS 0.21%
  • Published 12.07.2023 05:15:09
  • Last modified 21.11.2024 08:16:15

The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ...

4.3

CVE-2023-2893

  • EPSS 0.07%
  • Published 09.06.2023 07:15:10
  • Last modified 21.11.2024 07:59:30

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unau...

4.3

CVE-2023-2894

Media report
  • EPSS 0.1%
  • Published 09.06.2023 07:15:10
  • Last modified 21.11.2024 07:59:30

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for...

4.3

CVE-2023-2895

  • EPSS 0.07%
  • Published 09.06.2023 07:15:10
  • Last modified 21.11.2024 07:59:30

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for u...

4.3

CVE-2023-2896

  • EPSS 0.07%
  • Published 09.06.2023 07:15:10
  • Last modified 21.11.2024 07:59:31

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unaut...

4.3

CVE-2023-2892

  • EPSS 0.07%
  • Published 09.06.2023 07:15:09
  • Last modified 21.11.2024 07:59:30

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for una...

4.3

CVE-2023-2891

  • EPSS 0.07%
  • Published 09.06.2023 06:16:12
  • Last modified 21.11.2024 07:59:30

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthen...

7.2

CVE-2023-1124

Exploit
  • EPSS 0.43%
  • Published 03.04.2023 15:15:18
  • Last modified 14.02.2025 17:15:13

The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.