CVE-2026-48868

The CVE-2026-48868 entry concerns the WordPress WordPress Simple Shopping Cart plugin (versions

CVE-2026-8880

The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute and other attributes of the romancartbutton shortcode in versions up to, and including, 2.0.8. This is due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-4080

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

CVE-2026-4080

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

CVE-2026-4080

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

EUVD-2026-33892

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addtocart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectpaddtocart function...

WordPress plugin Easy Cart 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-45707

Name of the Vulnerable Software and Affected Versions Easy Cart versions prior to 1.9 Description The Easy Cart plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occu...

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

WordPress Cart All In One For WooCommerce plugin <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting vulnerability

Authenticated Administrator+ Code Injection via 'scassignpage' Setting vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Cart All In One For WooCommerce versions = 1.1.21...

WordPress Ecwid Shopping Cart plugin <= 7.0.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin Ecwid Shopping Cart versions = 7.0.5...

CVE-2016-10951

The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter...

CVE-2023-1124

The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks...

CVE-2025-3890

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpcartbutton' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

WordPress Ecwid Shopping Cart plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ngô Thiên An ancorn from VNPT-VCI in WordPress Plugin Ecwid Shopping Cart versions = 7.0...

CVE-2024-3211

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ecaddtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-12712

CVE-2024-12712 affects the Shopping Cart & eCommerce Store (WordPress) plugin, citing a missing capability check on the webhook function that allowed unauthenticated modification of order statuses in all versions up to 5.7.8. Public sources from Red Hat and Wordfence indicate this was patched in ...

PT-2025-1934 · WordPress · Shopping Cart & Ecommerce Store

Name of the Vulnerable Software and Affected Versions: The Shopping Cart & eCommerce Store plugin for WordPress versions up to, and including, 5.7.8 Description: The issue is related to a missing capability check on the webhook function, allowing unauthenticated attackers to modify order statuses...

CVE-2024-12253 Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update / Data Access

The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'savesettings', 'exportcsv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it...

PT-2024-17509 · WordPress · The Simple Ecommerce Shopping Cart Plugin

Name of the Vulnerable Software and Affected Versions: The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress versions up to, and including, 3.1.2 Description: The issue is related to a missing capability check on the 'save settings', 'export csv', and...