Vulnerability Details CVE-2021-34645
The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://plugins.trac.wordpress.org/browser/wp-easycart/trunk/admin/inc/wp_easycart_admin_initial_setup.php?rev=2463792#L240
- https://wordfence.com/vulnerability-advisories/#CVE-2021-34645
- https://plugins.trac.wordpress.org/browser/wp-easycart/trunk/admin/inc/wp_easycart_admin_initial_setup.php?rev=2463792#L240
- https://wordfence.com/vulnerability-advisories/#CVE-2021-34645
Products affected by CVE-2021-34645
-
cpe:2.3:a:wpeasycart:shopping_cart_&_ecommerce_store:*