CVE-2015-3421

Name of the Vulnerable Software and Affected Versions Wordpress Eshop plugin versions 6.3.11 and earlier

Description The issue concerns the eshop checkout function in the Wordpress Eshop plugin, which fails to validate variables in the "eshopcart" HTTP cookie. This allows remote attackers to perform cross-site scripting (XSS) attacks or disclose paths via crafted variables named after target PHP variables.

Recommendations For Wordpress Eshop plugin versions 6.3.11 and earlier, consider disabling the eshop checkout function in checkout.php until a patch is available. Restrict access to the "eshopcart" HTTP cookie to minimize the risk of exploitation. Avoid using crafted variables named after target PHP variables in the affected cookie until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.