CVE-2021-34645

Name of the Vulnerable Software and Affected Versions: The Shopping Cart & eCommerce Store WordPress plugin versions up to and including 5.1.0

Description: The issue is related to Cross-Site Request Forgery, allowing attackers to inject arbitrary web scripts via the save currency settings function found in the ~/admin/inc/wp easycart admin initial setup.php file.

Recommendations: For versions up to and including 5.1.0, update to a version later than 5.1.0 to resolve the issue. As a temporary workaround, consider disabling the save currency settings function until a patch is available.