Cross-Site Scripting Vulnerability in Eshop Plugin for WordPress
CVE-2015-3421

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Eshop
Vendor
CVE Published:
21 July 2017

What is CVE-2015-3421?

The eshop_checkout function in the WordPress Eshop plugin allows for vulnerabilities due to improper validation of variables in the 'eshopcart' HTTP cookie. This flaw permits remote attackers to execute cross-site scripting (XSS) attacks by manipulating cookie data, potentially leading to the execution of malicious scripts in the user's browser. Additionally, the vulnerability may expose sensitive filesystem paths through crafted variable names that mimic target PHP variables.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.htbridge.com/advisory/HTB23255
x_refsource_MISC
http://www.securityfocus.com/bid/74477
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.