Lucene search
K

90 matches found

EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36847

Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.24 views

CVE-2026-48868 WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...

7.5CVSS0.00278EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/02 1:51 p.m.6 views

WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Austin Ginder in WordPress Plugin Simple Shopping Cart versions = 5.2.9...

7.5CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/04 8:16 a.m.3 views

CVE-2026-0552

The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpscdisplayproduct' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00195EPSS
Exploits0References2
CVE
CVE
added 2026/04/04 7:41 a.m.10 views

CVE-2026-0552

CVE-2026-0552 affects the WordPress plugin Simple Shopping Cart (versions up to and including 5.2.4). The issue is a Stored Cross-Site Scripting vulnerability via the plugin’s 'wpsc_display_product' shortcode , caused by insufficient input sanitization and output escaping on user-supplied attribu...

6.4CVSS6.1AI score0.00195EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.6 views

WordPress plugin Simple Shopping Cart 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00195EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.9 views

PT-2026-30308

Name of the Vulnerable Software and Affected Versions The Simple Shopping Cart plugin for WordPress versions up to and including 5.2.4 Description The Simple Shopping Cart plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'wpsc display product' shortcode. Insufficient...

6.4CVSS5.9AI score0.00195EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/26 4:16 a.m.6 views

CVE-2026-3148

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /signup.php. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

9.8CVSS5.4AI score0.00399EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.16 views

WordPress WordPress Simple PayPal Shopping Cart plugin <= 5.1.3 - Insecure Direct Object Reference via 'quantity' vulnerability

Insecure Direct Object Reference via 'quantity' vulnerability discovered by Jack Taylor in WordPress Plugin Simple Shopping Cart versions = 5.1.3...

5.3CVSS5.9AI score0.00302EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/09 2:34 p.m.3 views

CVE-2025-14248

A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument adminusername leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...

9.8CVSS7.1AI score0.00333EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/09 2:34 p.m.4 views

CVE-2025-14247

A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument itemname can lead to sql injection. The attack can be executed remotely. The exploit has been publicly...

9.8CVSS7.2AI score0.00277EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/08 3:30 p.m.4 views

EUVD-2025-201716

A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument userid results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi...

6.5CVSS6.3AI score0.00277EPSS
Exploits1References6
NVD
NVD
added 2025/12/08 3:15 p.m.4 views

CVE-2025-14248

A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument adminusername leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...

9.8CVSS0.00333EPSS
Exploits1References5
OSV
OSV
added 2025/12/08 3:15 p.m.5 views

CVE-2025-14248

A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument adminusername leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...

9.8CVSS5.7AI score0.00333EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/08 2:32 p.m.3 views

CVE-2025-14248 code-projects Simple Shopping Cart adminlogin.php sql injection

A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument adminusername leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...

7.5CVSS6.8AI score0.00333EPSS
Exploits1References5
CVE
CVE
added 2025/12/08 2:32 p.m.10 views

CVE-2025-14248

CVE-2025-14248 affects code-projects Simple Shopping Cart 1.0. The vulnerability is a SQL injection in adminlogin.php triggered by manipulating the admin_username parameter. The risk is remote and the exploit is publicly available. Multiple sources corroborate the issue and describe it as origina...

9.8CVSS7.2AI score0.00333EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/12/08 2:16 p.m.7 views

CVE-2025-14247

A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument itemname can lead to sql injection. The attack can be executed remotely. The exploit has been publicly...

9.8CVSS5.8AI score0.00277EPSS
Exploits1References5
NVD
NVD
added 2025/12/08 2:16 p.m.5 views

CVE-2025-14247

A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument itemname can lead to sql injection. The attack can be executed remotely. The exploit has been publicly...

9.8CVSS0.00277EPSS
Exploits1References5
OSV
OSV
added 2025/12/08 2:16 p.m.6 views

CVE-2025-14246

A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument userid results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi...

9.8CVSS5.7AI score0.00277EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/08 2:2 p.m.2 views

CVE-2025-14247 code-projects Simple Shopping Cart additems.php sql injection

A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Executing manipulation of the argument itemname can lead to sql injection. The attack can be executed remotely. The exploit has been publicly...

6.5CVSS6.8AI score0.00277EPSS
Exploits1References5
Rows per page
Query Builder