CVE-2016-0769 is a set of SQL injection vulnerabilities in the eShop plugin 6.3.14 for WordPress, affecting eshop-orders.php. According to the CVE record, the issue was publicly disclosed on 2017-01-23 and carries a high severity score (CVSS 8.8). The described impact is serious: a remote administrator can execute arbitrary SQL through the delid parameter, and remote authenticated users can do the same th [truncated]
CVE-2016-0765 is a medium-severity cross-site scripting issue in the eShop plugin 6.3.14 for WordPress. According to NVD, the vulnerable code is in eshop-orders.php and the attack can be triggered through the page or action parameter. Because this is an XSS flaw, successful exploitation can let an attacker inject script or HTML into a victim’s browser session, most importantly affecting users who can be l [truncated]
