High-Tech Bridge Security Research Lab has identified a vulnerability in the eShop plugin for WordPress websites – version 6.3.11 and likely lower – that can be exploited to “overwrite arbitrary PHP variables within the context of the vulnerable application,” according to a Tuesday release.
“The vulnerability exists due to insufficient validation of user-supplied input in “eshopcart” HTTP cookie,” the release states, going on to add that these types of issues typically enable remote code execution, but “in this case we can only overwrite string variables within the scope of 'eshop_checkout()' function in '/wp-content/plugins/eshop/checkout.php' file.”
As a result, the plugin is vulnerable to full path disclosure and cross-site scripting, according to the release.
High-Tech Bridge notified the vendor numerous times beginning on April 15, but did not hear back. The security research team was unaware of a solution to the vulnerability.