CyberSec.Space Logo
Back to CVE Browser

CVE-2015-9413

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1750%
EPSS Percentile39.70th
PublishedSep 26, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.

Affected Platforms (CPE)

πŸ“¦
Eshop Project

Eshop

<= 6.3.13

References & Advisories

πŸ”— https://packetstormsecurity.com/files/133480/
πŸ”— https://wordpress.org/plugins/eshop/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/8180
πŸ”— https://packetstormsecurity.com/files/133480/
πŸ”— https://wordpress.org/plugins/eshop/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/8180

Related Vulnerabilities

CVE-2003-050910.0

SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and g...

CVE-2009-311210.0

Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to ga...

CVE-2019-130269.8

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker...

CVE-2019-170628.8

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, ...