Headline
CVE-2023-2891: Changeset 2917958 for wp-easycart – WordPress Plugin Repository
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Changeset view not shown, since the total size (24.7 MB) exceeds 4.0 MB
Note: See TracChangeset for help on using the changeset viewer.