4844 matches found
CVE-2026-13755 Tickera <= 3.6.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EUVD-2026-44894
The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-12585
The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is...
EUVD-2026-44876
The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is...
CVE-2026-12585
Vulnerable component: Abandoned Cart Lite for WooCommerce (WordPress plugin) prior to version 6.8.2. Root cause: The plugin does not protect the integrity of cart-recovery tokens or bind them to the requesting account, allowing an unauthenticated attacker to forge a recovery link that logs in as ...
Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. i...
Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
A directory traversal vulnerability in the Seber Cart comsebercart component 1.0.0.12 and 1.0.0.13 for Joomla!, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the view parameter to index.php. id: CVE-2010-1313 info: name: Joomla! Component Sab...
Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting
WP Sunshine Sunshine Photo Cart versions up to 3.1.1 contain a cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input. id: CVE-2024-30194 info:...
Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting
WP Sunshine Sunshine Photo Cart versions up to 3.2.5 contain a reflected cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input. id: CVE-2024-43971...
CVE-2026-15703
A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument userid results in sql injection. It is possible to initiate the attack remotely...
CVE-2026-15703 SourceCodester Simple and Nice Shopping Cart Script userproductdeletequery.php sql injection
A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument userid results in sql injection. It is possible to initiate the attack remotely...
CVE-2026-15703
CVE-2026-15703 affects SourceCodester Simple and Nice Shopping Cart Script 1.0. The vulnerability exists in /admin/userproductdeletequery.php where manipulating the user_id parameter enables SQL injection. It can be exploited remotely and the exploit is publicly available. CVSS metrics indicate h...
SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...
CVE-2026-57698
Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...
CVE-2026-57417
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through = 3.1.57...
CVE-2026-57417 WordPress Cart Lift plugin <= 3.1.57 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through = 3.1.57...
CVE-2026-57698 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...
CVE-2026-57417
CVE-2026-57417 concerns the WordPress Cart Lift plugin, affected versions are
CVE-2026-57698
CVE-2026-57698 affects the WordPress plugin Abandoned Cart Recovery for WooCommerce (woo-abandoned-cart-recovery), with versions up to and including 1.1.12. The issue is an Authentication Bypass/Authentication Abuse via an alternate path or channel, enabling unauthorized access as described in th...
EUVD-2026-43025
The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...