CVE-2023-1431

2023-03-1613:15:10

[email protected]

web.nvd.nist.gov

wp simple shopping cart

wordpress

sensitive information exposure

vulnerability

data privacy

cybersecurity

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location (/wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/). This makes it possible for unauthenticated attackers to view information that should be limited to administrators only and can include data like first name, last name, email, address, IP Address, and more.

Affected configurations

Vulners

NVD

Node

wptipsntrickswordpress_simple_shopping_cartMatch4.6.3

CPENameOperatorVersion
tipsandtricks-hq:wordpress_simple_paypal_shopping_carttipsandtricks-hq wordpress simple paypal shopping cartle4.6.3

CPE	Name	Operator	Version
tipsandtricks-hq:wordpress_simple_paypal_shopping_cart	tipsandtricks-hq wordpress simple paypal shopping cart	le	4.6.3

CNA Affected

[
  {
    "vendor": "wptipsntricks",
    "product": "WordPress Simple Shopping Cart",
    "versions": [
      {
        "version": "4.6.3",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2878855%40wordpress-simple-paypal-shopping-cart&new=2878855%40wordpress-simple-paypal-shopping-cart&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/ea4453bc-557b-4abf-85c6-4aecfd8f4012?source=cve