VDB-ID: 160
Title: Reflected XSS & Blind SQLi in WordPress plugin eShop v6.3.14
Vulnerability Date: 2016-01-27
Download: https://wordpress.org/plugins/eshop
Vendor: Richard Pedley
Notified: 2016-01-29
Vendor Contact: http://elfden.co.uk/

Description:
An accessible Shopping Cart plugin. eShop is an accessible shopping cart plugin for WordPress, packed with various features.

Vulnerability:
The following code snippets do not sanitize user input taken from the $_GET request before passing it back to the browser.
http://plugins.svn.wordpress.org/eshop/trunk/eshop-orders.php

From eshop-orders.php, XSS via the page & action variables (numbers are line numbers in that file; the markup inside the echo statements did not survive extraction):

    144 $apge=get_admin_url().'admin.php?page='.$_GET['page'].'&action='.$_GET['action'];
    145 echo '
        ';
    244
    303 $phpself='?page='.$_GET['page'];
    503 echo "
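As an added example (not code from the eShop plugin or from this advisory), the unsafe pattern of line 144 is shown beside a hardened version that validates the two parameters and escapes the URL for the attribute it is printed into. The WordPress helpers get_admin_url, sanitize_key and esc_url are real; the fallback stubs, the allowed action list and the request values are constructed so the file also runs under the php CLI outside WordPress.

```php
<?php
// Stand-ins used only when WordPress is not loaded (constructed, not the real implementations).
if ( ! function_exists( 'get_admin_url' ) ) {
    function get_admin_url() { return 'http://example.test/wp-admin/'; }
    function sanitize_key( $k ) { return preg_replace( '/[^a-z0-9_\-]/', '', strtolower( (string) $k ) ); }
    function esc_url( $u ) { return htmlspecialchars( $u, ENT_QUOTES, 'UTF-8' ); }
}

// Constructed request: the page value closes the single-quoted href and adds an inert attribute,
// which is enough to show that the parameter controls the markup.
$get = array( 'page' => "eshop-orders' data-injected='yes", 'action' => 'edit' );

// Unsafe: the pattern from line 144, raw $_GET values concatenated into echoed markup.
function vulnerable_link( array $get ) {
    $apge = get_admin_url() . 'admin.php?page=' . $get['page'] . '&action=' . $get['action'];
    return "<a href='" . $apge . "'>orders</a>";
}

// Hardened: (1) allow-list the action, (2) reduce page to a slug with sanitize_key,
// (3) escape the finished URL with esc_url for the attribute context it lands in.
function hardened_link( array $get ) {
    $allowed_actions = array( 'view', 'edit', 'delete' ); // assumption: placeholder action names
    $action = isset( $get['action'] ) && in_array( $get['action'], $allowed_actions, true )
        ? $get['action'] : 'view';
    $page = sanitize_key( isset( $get['page'] ) ? $get['page'] : '' );
    $apge = get_admin_url() . 'admin.php?page=' . $page . '&action=' . $action;
    return "<a href='" . esc_url( $apge ) . "'>orders</a>";
}

echo vulnerable_link( $get ), "\n"; // href attribute is broken out of; data-injected appears as its own attribute
echo hardened_link( $get ), "\n";   // page collapses to the slug eshop-ordersdata-injectedyes, quotes are encoded
```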