Description
WordPress Plugin eShop is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary code within the context of the affected webserver process; this may result in total compromise of the web server. WordPress Plugin eShop version 6.3.11 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly validated, or disable the plugin until a fix is available.
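The advisory does not detail where eShop's input handling fails, so the following is an added illustration of the remediation rather than the plugin's own code: a hypothetical WordPress plugin form handler (the `myshop_` function names, the `myshop_update_cart` action and the cart fields are all assumed) that validates every user-supplied value against a type or allow-list before using it, and never passes raw request data to code-evaluating or file-handling functions.

```php
<?php
/*
 * Added example: a hardened input-handling pattern for a WordPress plugin
 * form handler. It is not eShop's code and does not reflect the plugin's
 * actual defect, which the advisory does not describe; names such as
 * myshop_update_cart are hypothetical.
 */

// Fields that select behaviour only accept a closed set of values.
const MYSHOP_ALLOWED_ACTIONS = array( 'add', 'remove', 'clear' );

// Validate and normalise the request into a typed array, or return WP_Error.
function myshop_validate_cart_request( array $post ) {
    $post = wp_unslash( $post );

    $action = isset( $post['cart_action'] ) ? sanitize_key( $post['cart_action'] ) : '';
    if ( ! in_array( $action, MYSHOP_ALLOWED_ACTIONS, true ) ) {
        return new WP_Error( 'bad_action', 'Unknown cart action.' );
    }

    // Numeric IDs: absint() reduces anything that is not a non-negative integer to 0.
    $product_id = isset( $post['product_id'] ) ? absint( $post['product_id'] ) : 0;
    if ( 0 === $product_id && 'clear' !== $action ) {
        return new WP_Error( 'bad_product', 'Invalid product id.' );
    }

    $qty = isset( $post['qty'] ) ? absint( $post['qty'] ) : 1;
    if ( $qty < 1 || $qty > 99 ) {
        return new WP_Error( 'bad_qty', 'Quantity out of range.' );
    }

    // Free-text fields: strip tags and control characters, then cap the length.
    $note = isset( $post['note'] ) ? sanitize_text_field( $post['note'] ) : '';
    $note = mb_substr( $note, 0, 200 );

    return array(
        'action'     => $action,
        'product_id' => $product_id,
        'qty'        => $qty,
        'note'       => $note,
    );
}

// Handler for admin-post.php?action=myshop_update_cart (hypothetical action).
function myshop_handle_cart_update() {
    // Reject cross-site submissions before looking at any other input.
    $nonce = isset( $_POST['_wpnonce'] ) ? sanitize_key( wp_unslash( $_POST['_wpnonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'myshop_update_cart' ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }

    $data = myshop_validate_cart_request( $_POST );
    if ( is_wp_error( $data ) ) {
        wp_die( esc_html( $data->get_error_message() ), '', array( 'response' => 400 ) );
    }

    // Work only with the validated copy. Raw request data must never reach
    // extract(), eval(), unserialize(), include/require or shell functions,
    // and must never be used to build PHP source or file paths.
    $option_key = 'myshop_cart_' . get_current_user_id();
    $cart       = get_option( $option_key, array() );
    switch ( $data['action'] ) {
        case 'add':
            $cart[ $data['product_id'] ] = $data['qty'];
            break;
        case 'remove':
            unset( $cart[ $data['product_id'] ] );
            break;
        case 'clear':
            $cart = array();
            break;
    }
    update_option( $option_key, $cart );

    // wp_safe_redirect() only follows same-host or allow-listed targets.
    $back = wp_get_referer();
    wp_safe_redirect( $back ? $back : home_url( '/' ) );
    exit;
}
add_action( 'admin_post_myshop_update_cart', 'myshop_handle_cart_update' );
add_action( 'admin_post_nopriv_myshop_update_cart', 'myshop_handle_cart_update' );
```

The pattern is the one the remediation asks for: each field is converted to the narrow type the handler actually needs (an allow-listed keyword, a bounded integer, a length-capped plain string) before any logic runs, so there is no path by which request content can be interpreted as code.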
References
https://www.htbridge.com/advisory/HTB23255
http://seclists.org/bugtraq/2015/May/34
http://cxsecurity.com/issue/WLB-2015050030
http://packetstormsecurity.com/files/131783/WordPress-eShop-6.3.11-Code-Execution.html