The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.
References
Link | Resource |
---|---|
https://packetstormsecurity.com/files/133480/ | Exploit Third Party Advisory VDB Entry |
https://wordpress.org/plugins/eshop/#developers | Product Third Party Advisory |
https://wpvulndb.com/vulnerabilities/8180 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-09-26 00:15
Updated : 2024-02-04 20:39
NVD link : CVE-2015-9413
Mitre link : CVE-2015-9413
CVE.ORG link : CVE-2015-9413
JSON object : View
Products Affected
eshop_project
- eshop
CWE
CWE-352
Cross-Site Request Forgery (CSRF)