Lucene search
+L

4846 matches found

Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45707

Name of the Vulnerable Software and Affected Versions Easy Cart versions prior to 1.9 Description The Easy Cart plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occu...

6.4CVSS5.5AI score0.00243EPSS
Exploits0References19
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

WordPress plugin Easy Cart 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.2AI score0.00243EPSS
Exploits0References15
Patchstack
Patchstack
added 2026/06/01 7:45 p.m.16 views

WordPress Easy Cart plugin <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Easy Cart versions = 1.8...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/25 11:16 p.m.16 views

CVE-2026-42776

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...

6.3CVSS0.00202EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:32 p.m.7 views

CVE-2026-42776

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References2
CVE
CVE
added 2026/05/25 10:32 p.m.27 views

CVE-2026-42776

The CVE concerns WordPress Sunshine Photo Cart plugin

6.3CVSS5.8AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/25 10:32 p.m.8 views

CVE-2026-42776 WordPress Sunshine Photo Cart plugin <= 3.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/25 10:32 p.m.21 views

EUVD-2026-31750

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/25 10:32 p.m.26 views

CVE-2026-42776 WordPress Sunshine Photo Cart plugin <= 3.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...

6.3CVSS0.00202EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.19 views

PT-2026-43156

Name of the Vulnerable Software and Affected Versions Sunshine Photo Cart versions prior to 3.6.8 Description A missing authorization issue in the WP Sunshine Sunshine Photo Cart plugin allows for the exploitation of incorrectly configured access control security levels. This is a broken access...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

WordPress plugin Sunshine Photo Cart 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in the Cart component in Google Chrome before version 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through database corruption and a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.3AI score0.00452EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

Using “after free” in the Shopping Cart in Google Chrome before version 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption through standard feature user interactions...

8.8CVSS7AI score0.0073EPSS
Exploits1References2
NVD
NVD
added 2026/05/17 1:16 p.m.11 views

CVE-2018-25336

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...

6.9CVSS0.00191EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 12:11 p.m.14 views

EUVD-2018-21855

Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account...

6.9CVSS5.7AI score0.00191EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.41 views

CVE-2018-25336 jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...

6.9CVSS0.00191EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.7 views

CVE-2018-25336

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...

6.9CVSS5.7AI score0.00191EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/15 7:17 p.m.45 views

CVE-2026-46408

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cartid and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another...

7.6CVSS0.002EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 7:17 p.m.19 views

CVE-2026-44826

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 6:46 p.m.58 views

CVE-2026-46408 Vvveb: checkout IDOR allows unauthorized reuse of another user's cart

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cartid and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another...

7.6CVSS0.002EPSS
Exploits0References1
Rows per page
Query Builder