The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.
References
Link | Resource |
---|---|
https://wordpress.org/plugins/eshop/#developers | Product Third Party Advisory |
https://wpvulndb.com/vulnerabilities/8180 | Exploit Third Party Advisory |
https://packetstormsecurity.com/files/133480/ | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2019-09-25 17:15
Updated : 2019-09-27 05:35
NVD link : CVE-2015-9413
Mitre link : CVE-2015-9413
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
eshop_project
- eshop