Lucene search
K

4835 matches found

Nuclei
Nuclei
added 7 hours ago19 views

Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. i...

7.2CVSS6.4AI score0.01353EPSS
Exploits1References4
Nuclei
Nuclei
added 7 hours ago36 views

Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion

A directory traversal vulnerability in the Seber Cart comsebercart component 1.0.0.12 and 1.0.0.13 for Joomla!, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the view parameter to index.php. id: CVE-2010-1313 info: name: Joomla! Component Sab...

4.3CVSS6.2AI score0.08684EPSS
Exploits1References4
Nuclei
Nuclei
added 7 hours ago17 views

Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting

WP Sunshine Sunshine Photo Cart versions up to 3.2.5 contain a reflected cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input. id: CVE-2024-43971...

7.1CVSS6AI score0.00593EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago8 views

Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting

WP Sunshine Sunshine Photo Cart versions up to 3.1.1 contain a cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input. id: CVE-2024-30194 info:...

7.1CVSS7AI score0.00727EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday38 views

SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...

6.1CVSS4.4AI score0.48533EPSS
Exploits4References5
NVD
NVD
added 2 days ago3 views

CVE-2026-57698

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00252EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57417

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through = 3.1.57...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57698

CVE-2026-57698 affects the WordPress plugin Abandoned Cart Recovery for WooCommerce (woo-abandoned-cart-recovery), with versions up to and including 1.1.12. The issue is an Authentication Bypass/Authentication Abuse via an alternate path or channel, enabling unauthorized access as described in th...

6.5CVSS6.1AI score0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57698 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-57417 WordPress Cart Lift plugin <= 3.1.57 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through = 3.1.57...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-57417

CVE-2026-57417 concerns the WordPress Cart Lift plugin, affected versions are

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43025

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS6.1AI score0.00257EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-15190

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...

7.5CVSS0.00328EPSS
Exploits0References6
CVE
CVE
added 6 days ago8 views

CVE-2026-15190

CVE-2026-15190 affects SourceCodester Simple and Nice Shopping Cart Script 1.0. The vulnerability is a SQL injection in an unknown area of /login.php triggered by manipulating the Username parameter. Remote exploitation is possible, and publicly available exploits exist. The CVSS metrics indicate...

7.5CVSS6.9AI score0.00328EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-15190 SourceCodester Simple and Nice Shopping Cart Script login.php sql injection

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...

7.5CVSS0.00328EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42615

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...

7.5CVSS6.8AI score0.00328EPSS
Exploits0References6
Patchstack
Patchstack
added last week4 views

WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by she11f in WordPress Plugin Abandoned Cart Recovery for WooCommerce versions = 1.1.12...

6.5CVSS6.1AI score0.00252EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added last week6 views

WordPress Cart Lift plugin <= 3.1.57 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin Cart Lift versions = 3.1.57...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/07/06 9:49 p.m.3 views

CVE-2026-43927 FOSSBilling has race condition in cart checkout that bypasses promo code usage limits

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS6AI score0.0022EPSS
Exploits0References3
CVE
CVE
added 2026/07/06 9:49 p.m.14 views

CVE-2026-43927

FOSSBilling has a race-condition vulnerability in the cart checkout flow that, before version 0.8.0, lets an authenticated user apply promo codes beyond their maxuses by sending concurrent checkout requests before usage increments complete. This can enable unlimited discounts or free orders from ...

6.9CVSS6AI score0.0022EPSS
Exploits0References1
Rows per page
Query Builder