Lucene search
K

63 matches found

CNNVD
CNNVD
added 2024/02/28 12:0 a.m.6 views

WordPress Plugin WP eCommerce Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.8AI score0.00422EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/12/21 12:0 a.m.6 views

The vulnerability of the Welcart eCommerce plugin for the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the Welcart eCommerce plugin for the WordPress content management system is related to an incorrect restriction on the path to the restricted access catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8.2AI score0.05116EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2023/11/30 3:15 p.m.4 views

CVE-2023-44150

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login...

7.5CVSS7.3AI score0.00658EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/10/25 12:0 a.m.15 views

WordPress Product Recommendation Quiz for eCommerce Plugin <= 2.1.2 is vulnerable to Broken Access Control

Software Product Recommendation Quiz for eCommerce Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46631 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID aca78f403747 Credits...

6.6AI score0.00387EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/09/27 3:19 p.m.2 views

CVE-2023-41241

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin = 2.5.0 versions...

4.8CVSS7.3AI score
Exploits0References1
CNNVD
CNNVD
added 2023/09/27 12:0 a.m.7 views

WordPress plugin WordPress Ecommerce For Creating Fast Online Stores - By SureCart Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WordPress Ecommerce For...

5.9CVSS6AI score0.003EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.4 views

WordPress eCommerce Addon Plugin < 1.4 is vulnerable to Cross Site Scripting (XSS)

Software eCommerce Addon Type Plugin Vulnerable versions 1.4 Fixed in 1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d6579c076d16 Credits Rafie Muhammad Patchstack Required...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.8 views

WordPress WordPress eCommerce Plugin – Studiocart Plugin < 2.5.20 is vulnerable to Cross Site Scripting (XSS)

Software WordPress eCommerce Plugin – Studiocart Type Plugin Vulnerable versions 2.5.20 Fixed in 2.5.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5eb1bf45cbd4 Credits Rafie...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/07/01 4:26 a.m.26 views

CVE-2021-4392 eCommerce Product Catalog Plugin for WordPress <= 2.9.43 - Cross-Site Request Forgery Bypass

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecodesaveproductsmeta function. This makes it possible for unauthenticated...

4.3CVSS4.6AI score0.00476EPSS
Exploits1References9
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.4 views

WordPress plugin Welcart e-Commerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.5CVSS6.3AI score0.00329EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/09/02 7:15 a.m.4 views

CVE-2022-25813

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SST...

7.5CVSS7.1AI score0.67261EPSS
Exploits1References3
Prion
Prion
added 2022/09/02 7:15 a.m.25 views

Code injection

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SST...

5CVSS7.4AI score0.67261EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/09/02 7:10 a.m.84 views

CVE-2022-25813

Apache OFBiz CVE-2022-25813 affects versions 18.12.05 and earlier. An anonymous user can inject malicious content into the Subject field of the ecommerce plugin’s Contact us page, triggering a Server-Side Template Injection (SSTI) when a party manager lists communications, potentially enabling Re...

7.5CVSS7.4AI score0.67261EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/02 12:0 a.m.5 views

PT-2022-17538 · Apache · Apache Ofbiz

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions 18.12.05 and earlier Description: The issue allows an attacker, acting as an anonymous user of the ecommerce plugin, to insert malicious content in the "Subject" field of a message from the "Contact us" page. This can le...

7.5CVSS7.8AI score0.67261EPSS
Exploits1References3
OSV
OSV
added 2021/09/13 6:15 p.m.3 views

CVE-2021-24620

The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could...

8.8CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/09/13 12:0 a.m.12 views

PT-2021-16136 · WordPress · Wordpress Simple Ecommerce Shopping Cart Plugin- Sell Products Through Paypal

Name of the Vulnerable Software and Affected Versions: WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin versions 2.2.5 and earlier Description: The issue allows any file, such as PHP, to be uploaded by an administrator due to a lack of checks for uploaded...

8.8CVSS9AI score0.00632EPSS
Exploits2References5
CNVD
CNVD
added 2020/01/02 12:0 a.m.1 views

WordPress Swipe Checkout for WP e-Commerce Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Swipe Checkout for WP e-Commerce is an online payment plugin for e-commerce sites. A cross-site scripting vulnerability exists in...

6.1CVSS6.3AI score0.01163EPSS
Exploits2References1
CNVD
CNVD
added 2019/06/17 12:0 a.m.2 views

Wordpress Plugin Simple-e-commerce-shopping-cart DatabaseSQL Information Disclosure Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. An information disclosure vulnerability exists in the Wordpress plugin...

6AI score
Exploits0References1
wpexploit
wpexploit
added 2016/11/10 12:0 a.m.12 views

FireStorm Shopping Cart eCommerce Plugin 2.07.02 - Authenticated SQL Injection

$POST ‘pid’ is not escaped. Url is accessible for administrator user. Url with problem: http://localhost:1406/wp/wp-admin/admin.php?page=fssc-products=general=edit=0=0 http://target/wp-admin/admin.php?page=fssc-products&fp=general&f=edit&cid=0&pid=0+UNION+SELECT+name+FROM+wpterms+WHERE+termid=1...

6.5CVSS0.4AI score0.01918EPSS
Exploits2References1
CNVD
CNVD
added 2015/05/18 12:0 a.m.2 views

WordPress Plugin TheCartPress eCommerce Shopping Cart Cross-Site Request Forgery Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.TheCartPress eCommerce Shopping Cart plugin for WordPress is an eCommerce shopping cart plugin for WordPress based ...

4.3CVSS6.9AI score0.03392EPSS
Exploits1References1
Rows per page
Query Builder