WordPress Plugin Vulnerabilities

Ultra Simple Paypal Shopping Cart <= 4.4 - Cross-Site Request Forgery (CSRF)

Description

The WordPress Ultra Simple Paypal Shopping Cart WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
wp-ultra-simple-paypal-shopping-cart
Fixed in 4.5

References

CVE
CVE-2019-5992
URL
https://jvn.jp/en/jp/JVN48981892/index.html

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Yuta Kikuchi of Cryptography Laboratory
Verified
No
WPVDB ID
e828fd80-e240-46f3-a0b3-155e95998ef3

Timeline

Publicly Published
2019-07-16 (about 6 years ago)
Added
2019-07-16 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-02-11
Title
Corpiva < 1.0.97 - Cross-Site Request Forgery
Published
2024-12-12
Title
Themify Store Locator < 1.2.0 - Cross-Site Request Forgery
Published
2024-06-21
Title
FS Poster < 6.5.9 - Cross-Site Request Forgery
Published
2025-05-07
Title
GPT3 AI Content Writer < 1.9.15 - Cross-Site Request Forgery
Published
2024-05-07
Title
Joli FAQ SEO – WordPress FAQ Plugin < 1.3.3 - Cross-Site Request Forgery