Lucene search
+L

4844 matches found

nuclei
nuclei
added 6 hours ago36 views

Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion

A directory traversal vulnerability in the Seber Cart comsebercart component 1.0.0.12 and 1.0.0.13 for Joomla!, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the view parameter to index.php. id: CVE-2010-1313 info: name: Joomla! Component Sab...

4.3CVSS6.2AI score0.08684EPSS
Exploits1References4
nuclei
nuclei
added 6 hours ago19 views

Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. i...

7.2CVSS6.4AI score0.01353EPSS
Exploits1References4
nuclei
nuclei
added 6 hours ago19 views

Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting

WP Sunshine Sunshine Photo Cart versions up to 3.2.5 contain a reflected cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input. id: CVE-2024-43971...

7.1CVSS6AI score0.00593EPSS
Exploits0References2
nuclei
nuclei
added 6 hours ago8 views

Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting

WP Sunshine Sunshine Photo Cart versions up to 3.1.1 contain a cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input. id: CVE-2024-30194 info:...

7.1CVSS7AI score0.00727EPSS
Exploits0References3
nuclei
nuclei
added 6 hours ago38 views

SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...

6.1CVSS4.4AI score0.48533EPSS
Exploits4References5
cvelist
cvelist
added 7 hours ago13 views

CVE-2026-13755 Tickera <= 3.6.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS
Exploits0References5
euvd
euvd
added 7 hours ago5 views

EUVD-2026-44894

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.3AI score
Exploits0References5
nvd
nvd
added 8 hours ago5 views

CVE-2026-12585

The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is...

Exploits0References1
cve
cve
added 9 hours ago13 views

CVE-2026-12585

Vulnerable component: Abandoned Cart Lite for WooCommerce (WordPress plugin) prior to version 6.8.2. Root cause: The plugin does not protect the integrity of cart-recovery tokens or bind them to the requesting account, allowing an unauthenticated attacker to forge a recovery link that logs in as ...

6.1AI score
Exploits0References1
euvd
euvd
added 9 hours ago4 views

EUVD-2026-44876

The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is...

6.1AI score
Exploits0References1
nvd
nvd
added 2 days ago5 views

CVE-2026-15703

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument userid results in sql injection. It is possible to initiate the attack remotely...

7.5CVSS0.00328EPSS
Exploits0References6
cve
cve
added 2 days ago6 views

CVE-2026-15703

CVE-2026-15703 affects SourceCodester Simple and Nice Shopping Cart Script 1.0. The vulnerability exists in /admin/userproductdeletequery.php where manipulating the user_id parameter enables SQL injection. It can be exploited remotely and the exploit is publicly available. CVSS metrics indicate h...

7.5CVSS6.8AI score0.00328EPSS
Exploits0References6
cvelist
cvelist
added 2 days ago23 views

CVE-2026-15703 SourceCodester Simple and Nice Shopping Cart Script userproductdeletequery.php sql injection

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument userid results in sql injection. It is possible to initiate the attack remotely...

7.5CVSS0.00328EPSS
Exploits0References6
nvd
nvd
added 3 days ago3 views

CVE-2026-57698

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00252EPSS
Exploits0References1
nvd
nvd
added 3 days ago3 views

CVE-2026-57417

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through = 3.1.57...

7.1CVSS0.0018EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago35 views

CVE-2026-57417 WordPress Cart Lift plugin <= 3.1.57 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through = 3.1.57...

7.1CVSS0.0018EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago28 views

CVE-2026-57698 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00252EPSS
Exploits0References1
cve
cve
added 3 days ago9 views

CVE-2026-57417

CVE-2026-57417 concerns the WordPress Cart Lift plugin, affected versions are

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
cve
cve
added 3 days ago9 views

CVE-2026-57698

CVE-2026-57698 affects the WordPress plugin Abandoned Cart Recovery for WooCommerce (woo-abandoned-cart-recovery), with versions up to and including 1.1.12. The issue is an Authentication Bypass/Authentication Abuse via an alternate path or channel, enabling unauthorized access as described in th...

6.5CVSS6.1AI score0.00252EPSS
Exploits0References1
euvd
euvd
added 6 days ago5 views

EUVD-2026-43025

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS6.1AI score0.00257EPSS
Exploits0References2
Rows per page
Query Builder