Filtered by vendor Eshop Project
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9413 | 1 Eshop Project | 1 Eshop | 2019-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. | |||||
| CVE-2015-3421 | 1 Eshop Project | 1 Eshop | 2017-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables. | |||||