CyberSec.Space Logo
Back to CVE Browser

CVE-2016-0769

HIGH
8.8
CVSS Severity Score
EPSS Score0.0790%
EPSS Percentile44.25th
PublishedJan 23, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.

Affected Platforms (CPE)

πŸ“¦
Elfden

Eshop Plugin

= 6.3.14

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2016/02/02/3
πŸ”— http://www.securityfocus.com/bid/82347
πŸ”— http://www.vapid.dhs.org/advisory.php?v=160
πŸ”— http://www.openwall.com/lists/oss-security/2016/02/02/3
πŸ”— http://www.securityfocus.com/bid/82347
πŸ”— http://www.vapid.dhs.org/advisory.php?v=160

Related Vulnerabilities

CVE-2015-94136.5

The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php titl...

CVE-2015-34216.1

The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "e...

CVE-2016-07656.1

Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote atta...

CVE-2014-45564.3

Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress...