Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wpeasycart vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-34645
The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows malicious users to inject arbitrary web scripts, in versions...
Wpeasycart Shopping Cart \\& Ecommerce Store
8.8
CVSSv3
CVE-2015-2673
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 up to and including 3.0.20 for WordPress allow remote malicious users to gain administrator privileges and execute arbitrary code via the opti...
Wpeasycart Wp Easycart 1.2.9
Wpeasycart Wp Easycart 1.2.8
Wpeasycart Wp Easycart 1.2.7
Wpeasycart Wp Easycart 1.2.6
Wpeasycart Wp Easycart 2.0.2
Wpeasycart Wp Easycart 2.0.3
Wpeasycart Wp Easycart 2.0.4
Wpeasycart Wp Easycart 2.0.5
Wpeasycart Wp Easycart 2.0.20
Wpeasycart Wp Easycart 2.0.21
Wpeasycart Wp Easycart 2.0.22
Wpeasycart Wp Easycart 2.1.0
Wpeasycart Wp Easycart 2.1.13
Wpeasycart Wp Easycart 2.1.14
Wpeasycart Wp Easycart 2.1.15
Wpeasycart Wp Easycart 2.1.16
Wpeasycart Wp Easycart 2.1.17
Wpeasycart Wp Easycart 2.1.30
Wpeasycart Wp Easycart 2.1.31
Wpeasycart Wp Easycart 2.1.32
Wpeasycart Wp Easycart 2.1.33
Wpeasycart Wp Easycart 3.0.12
7.2
CVSSv3
CVE-2023-3023
The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
Wpeasycart Wp Easycart
7.2
CVSSv3
CVE-2023-1124
The Shopping Cart & eCommerce Store WordPress plugin prior to 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.
Wpeasycart Wp Easycart
4.3
CVSSv3
CVE-2023-2892
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated malicious users t...
Wpeasycart Wp Easycart
4.3
CVSSv3
CVE-2023-2893
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated malicious users to...
Wpeasycart Wp Easycart
4.3
CVSSv3
CVE-2023-2894
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated malicious use...
Wpeasycart Wp Easycart
4.3
CVSSv3
CVE-2023-2895
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated malicious users...
Wpeasycart Wp Easycart
4.3
CVSSv3
CVE-2023-2896
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated malicious users to ...
Wpeasycart Wp Easycart
4.3
CVSSv3
CVE-2023-2891
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated malicious users to del...
Wpeasycart Wp Easycart
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »