Vulnerabilities > Wpeasycart > WP Easycart > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-03 | CVE-2023-1124 | Unspecified vulnerability in Wpeasycart WP Easycart The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. | 7.2 |
| 2017-10-06 | CVE-2015-2673 | Permissions, Privileges, and Access Controls vulnerability in Wpeasycart WP Easycart The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters. | 8.8 |