Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to Unknown - eCommerce Product Catalog Plugin for WordPress

CVE-2023-5979 (GCVE-0-2023-5979)

Vulnerability from cvelistv5

Published

2023-12-04 21:27

Modified

2024-08-02 08:14

Severity ?

CWE

CWE-352 Cross-Site Request Forgery (CSRF)

Summary

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products

References

▼	URL	Tags
	https://wpscan.com/vulnerability/936934c3-5bfe-416e-b6aa-47bed4db05c4	exploit, vdb-entry, technical-description

Impacted products

	Vendor	Product	Version
	Unknown	eCommerce Product Catalog Plugin for WordPress	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:14:25.132Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/936934c3-5bfe-416e-b6aa-47bed4db05c4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "eCommerce Product Catalog Plugin for WordPress",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.3.26",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Krzysztof Zaj\u0105c (CERT PL)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-04T21:27:37.654Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/936934c3-5bfe-416e-b6aa-47bed4db05c4"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "eCommerce Product Catalog Plugin for WordPress \u003c 3.3.26 - Products Deletion via CSRF",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-5979",
    "datePublished": "2023-12-04T21:27:37.654Z",
    "dateReserved": "2023-11-07T03:18:36.255Z",
    "dateUpdated": "2024-08-02T08:14:25.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24875 (GCVE-0-2021-24875)