CVE-2013-5977

Name of the Vulnerable Software and Affected Versions Cart66 Lite plugin versions prior to 1.5.1.15

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests, enabling them to create or modify products, or conduct cross-site scripting (XSS) attacks. This can be achieved via the Product name or Price description field in a product save action through a request to "wp-admin/admin.php".

Recommendations For Cart66 Lite plugin versions prior to 1.5.1.15, update to version 1.5.1.15 or later to resolve the issue.