VYPR
Medium severity6.1NVD Advisory· Published Jul 21, 2017· Updated Jun 17, 2026

CVE-2015-3421

CVE-2015-3421

Description

The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.