Medium severity6.1NVD Advisory· Published Jul 21, 2017· Updated Jun 17, 2026
CVE-2015-3421
CVE-2015-3421
Description
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.
Affected products
2Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/74477nvdThird Party AdvisoryVDB Entry
- www.htbridge.com/advisory/HTB23255nvdThird Party Advisory
News mentions
0No linked articles in our index yet.