cleantalk
Vulnerabilities and Security Researches

Easy PayPal Shopping Cart, f7f554a34a82880b4ecbd6cef96968d88e3e5ae8

CVE, Research URL

f7f554a34a82880b4ecbd6cef96968d88e3e5ae8

Home page URL

Security reports for Easy PayPal Shopping Cart

Application

Easy PayPal Shopping Cart

Published on
May 25, 2022
Research Description
Easy PayPal Shopping Cart [easy-paypal-shopping-cart] < 1.1.10 Easy PayPal Shopping Cart <= 1.1.9 - Cross-Site Request Forgery to Cross-Site Scripting The Easy PayPal Shopping Cart for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing nonce validation on the wpepsc_plugin_options function. This makes it possible for unauthenticated attackers to modify the plugins setting and add malicious web scripts to the settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.1.10.
Status
vulnerable
Previous vulnerability researches
Easy PayPal Shopping Cart (CVE-2023-47239) , Jun 07, 2024
Easy PayPal Shopping Cart (f7f554a34a82880b4ecbd6cef96968d88e3e5ae8) , Jun 07, 2024
Easy PayPal Shopping Cart (d9c154a32db8150cd5b35b089c8962452eb8b232) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026