CVE-2026-48868

The CVE-2026-48868 entry concerns the WordPress WordPress Simple Shopping Cart plugin (versions

WordPress Ecwid Shopping Cart plugin <= 7.0.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin Ecwid Shopping Cart versions = 7.0.5...

CVE-2016-10951

The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter...

CVE-2023-1124

The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks...

CVE-2025-3890

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpcartbutton' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

WordPress Ecwid Shopping Cart plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ngô Thiên An ancorn from VNPT-VCI in WordPress Plugin Ecwid Shopping Cart versions = 7.0...

CVE-2024-3211

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ecaddtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-12712

CVE-2024-12712 affects the Shopping Cart & eCommerce Store (WordPress) plugin, citing a missing capability check on the webhook function that allowed unauthenticated modification of order statuses in all versions up to 5.7.8. Public sources from Red Hat and Wordfence indicate this was patched in ...

PT-2025-1934 · WordPress · Shopping Cart & Ecommerce Store

Name of the Vulnerable Software and Affected Versions: The Shopping Cart & eCommerce Store plugin for WordPress versions up to, and including, 5.7.8 Description: The issue is related to a missing capability check on the webhook function, allowing unauthenticated attackers to modify order statuses...

CVE-2024-12253 Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update / Data Access

The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'savesettings', 'exportcsv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it...

PT-2024-17509 · WordPress · The Simple Ecommerce Shopping Cart Plugin

Name of the Vulnerable Software and Affected Versions: The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress versions up to, and including, 3.1.2 Description: The issue is related to a missing capability check on the 'save settings', 'export csv', and...

WordPress Shopping Cart & eCommerce Store plugin <= 5.6.3 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin WP EasyCart versions = 5.6.3...

CVE-2023-24408

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.4 versions...

CVE-2023-24408

CVE-2023-24408 affects the Ecwid Ecommerce Shopping Cart WordPress plugin, where a Stored XSS vulnerability can be triggered in versions

CVE-2023-1124

The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks...

CVE-2023-24377 WordPress Ecwid Shopping Cart Plugin <= 6.11.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.3 versions...

WordPress plugin WordPress Simple Shopping Cart 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2021-34645

The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the savecurrencysettings function found in the /admin/inc/wpeasycartadmininitialsetup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0...

WordPress fs-shopping-cart plugin SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in version 2.07.02 of the WordPress fs-shopping-cart plugin. The...

Sql injection

The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter...