Vulnerabilities > Eshop Project > Eshop > 2.8.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-26 | CVE-2015-9413 | Cross-Site Request Forgery (CSRF) vulnerability in Eshop Project Eshop The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. | 4.3 |
| 2017-07-21 | CVE-2015-3421 | Cross-site Scripting vulnerability in Eshop Project Eshop The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables. | 4.3 |