PT-2019-7372 · WordPress · Eshop Plugin
Published 2019-09-25 · Updated 2019-09-27
CVE-2015-9413
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
eshop plugin for WordPress versions through 6.3.13
Description
The eshop plugin for WordPress is affected by a cross-site request forgery (CSRF) that results in cross-site scripting (XSS). The flaw is reachable through the "title" parameter of the plugin's admin page "/wp-admin/admin.php?page=eshop-downloads.php": a forged request submitted from a logged-in administrator's browser is accepted without anti-CSRF validation, and the supplied title is then rendered without adequate output encoding.
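The pattern behind a "CSRF with resultant XSS" in a WordPress admin page, shown as an added illustration that is not the eshop plugin's source code: the function names, the option name and the nonce action below are hypothetical, and the vulnerable handler is written to exhibit the two missing controls the advisory describes (no request-forgery check, no output escaping) next to a hardened version using the standard WordPress APIs.

```php
<?php
// Added illustrative example (hypothetical names; not code from the eshop plugin).
// Both functions render a tiny admin page that reads a "title" POST parameter.

// --- Vulnerable pattern ---------------------------------------------------
// 1) No nonce/referer check: any site the admin visits can POST here (CSRF).
// 2) No sanitisation or escaping: the forged title is stored and echoed as
//    raw HTML, so the CSRF becomes a stored/reflected XSS in the admin's session.
function example_downloads_page_vulnerable() {
    if ( isset( $_POST['title'] ) ) {
        $title = $_POST['title'];                              // taken verbatim
        update_option( 'example_download_title', $title );     // stored unsanitised
        echo '<div class="updated"><p>Saved: ' . $title . '</p></div>'; // unescaped
    }
    $current = get_option( 'example_download_title', '' );
    echo '<form method="post">';
    echo '<input type="text" name="title" value="' . $current . '">'; // unescaped attr
    echo '<input type="submit" value="Save"></form>';
}

// --- Hardened pattern -----------------------------------------------------
function example_downloads_page_hardened() {
    if ( isset( $_POST['title'] ) ) {
        // Capability check: the page must only be usable by privileged users.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( 'Insufficient permissions.' );
        }
        // CSRF defence: verify the per-user nonce bound to this action.
        // A cross-origin attacker page cannot read the nonce, so a forged
        // POST fails here and the request dies before any state change.
        check_admin_referer( 'example_save_download_title', '_example_nonce' );

        // Input sanitisation before storage (strips tags and control chars).
        $title = sanitize_text_field( wp_unslash( $_POST['title'] ) );
        update_option( 'example_download_title', $title );

        // Output encoding for HTML body context.
        echo '<div class="updated"><p>Saved: ' . esc_html( $title ) . '</p></div>';
    }
    $current = get_option( 'example_download_title', '' );
    echo '<form method="post">';
    // Emits the hidden nonce field that check_admin_referer() validates.
    wp_nonce_field( 'example_save_download_title', '_example_nonce' );
    // Attribute context needs esc_attr(), not esc_html().
    echo '<input type="text" name="title" value="' . esc_attr( $current ) . '">';
    echo '<input type="submit" value="Save"></form>';
}
```

The two fixes are independent and both are needed: the nonce check alone would still leave any other write path to the option rendering raw HTML, and escaping alone would still let a forged request silently overwrite the setting. Escaping must match the output context (esc_html() in element content, esc_attr() inside attribute values).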
Recommendations
For eshop plugin for WordPress versions through 6.3.13, update to a version later than 6.3.13 to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin.php?page=eshop-downloads.php" endpoint to minimize the risk of exploitation, and avoid using the title parameter on this page until the issue is resolved. Note that the CSRF rides on an already-authenticated administrator's browser session, so access restrictions only reduce exposure; updating the plugin is the actual fix.
Exploit
Fix
CSRF
Weakness Enumeration
Related identifiers
Affected products
Eshop Plugin