CyberSec.Space Logo
Back to CVE Browser

CVE-2016-0765

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile17.26th
PublishedJan 23, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter.

Affected Platforms (CPE)

πŸ“¦
Elfden

Eshop Plugin

= 6.3.14

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2016/02/02/3
πŸ”— http://www.securityfocus.com/bid/82347
πŸ”— http://www.vapid.dhs.org/advisory.php?v=160
πŸ”— http://www.openwall.com/lists/oss-security/2016/02/02/3
πŸ”— http://www.securityfocus.com/bid/82347
πŸ”— http://www.vapid.dhs.org/advisory.php?v=160

Related Vulnerabilities

CVE-2016-07698.8

Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrator...

CVE-2015-94136.5

The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php titl...

CVE-2015-34216.1

The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "e...

CVE-2014-45564.3

Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress...