63 matches found
WordPress Plugin WP eCommerce Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
The vulnerability of the Welcart eCommerce plugin for the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the Welcart eCommerce plugin for the WordPress content management system is related to an incorrect restriction on the path to the restricted access catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-44150
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login...
WordPress Product Recommendation Quiz for eCommerce Plugin <= 2.1.2 is vulnerable to Broken Access Control
Software Product Recommendation Quiz for eCommerce Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46631 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID aca78f403747 Credits...
CVE-2023-41241
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin = 2.5.0 versions...
WordPress plugin WordPress Ecommerce For Creating Fast Online Stores - By SureCart Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WordPress Ecommerce For...
WordPress eCommerce Addon Plugin < 1.4 is vulnerable to Cross Site Scripting (XSS)
Software eCommerce Addon Type Plugin Vulnerable versions 1.4 Fixed in 1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d6579c076d16 Credits Rafie Muhammad Patchstack Required...
WordPress WordPress eCommerce Plugin – Studiocart Plugin < 2.5.20 is vulnerable to Cross Site Scripting (XSS)
Software WordPress eCommerce Plugin – Studiocart Type Plugin Vulnerable versions 2.5.20 Fixed in 2.5.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5eb1bf45cbd4 Credits Rafie...
CVE-2021-4392 eCommerce Product Catalog Plugin for WordPress <= 2.9.43 - Cross-Site Request Forgery Bypass
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecodesaveproductsmeta function. This makes it possible for unauthenticated...
WordPress plugin Welcart e-Commerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2022-25813
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SST...
Code injection
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SST...
CVE-2022-25813
Apache OFBiz CVE-2022-25813 affects versions 18.12.05 and earlier. An anonymous user can inject malicious content into the Subject field of the ecommerce plugin’s Contact us page, triggering a Server-Side Template Injection (SSTI) when a party manager lists communications, potentially enabling Re...
PT-2022-17538 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions 18.12.05 and earlier Description: The issue allows an attacker, acting as an anonymous user of the ecommerce plugin, to insert malicious content in the "Subject" field of a message from the "Contact us" page. This can le...
CVE-2021-24620
The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could...
PT-2021-16136 · WordPress · Wordpress Simple Ecommerce Shopping Cart Plugin- Sell Products Through Paypal
Name of the Vulnerable Software and Affected Versions: WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin versions 2.2.5 and earlier Description: The issue allows any file, such as PHP, to be uploaded by an administrator due to a lack of checks for uploaded...
WordPress Swipe Checkout for WP e-Commerce Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Swipe Checkout for WP e-Commerce is an online payment plugin for e-commerce sites. A cross-site scripting vulnerability exists in...
Wordpress Plugin Simple-e-commerce-shopping-cart DatabaseSQL Information Disclosure Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. An information disclosure vulnerability exists in the Wordpress plugin...
FireStorm Shopping Cart eCommerce Plugin 2.07.02 - Authenticated SQL Injection
$POST ‘pid’ is not escaped. Url is accessible for administrator user. Url with problem: http://localhost:1406/wp/wp-admin/admin.php?page=fssc-products=general=edit=0=0 http://target/wp-admin/admin.php?page=fssc-products&fp=general&f=edit&cid=0&pid=0+UNION+SELECT+name+FROM+wpterms+WHERE+termid=1...
WordPress Plugin TheCartPress eCommerce Shopping Cart Cross-Site Request Forgery Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.TheCartPress eCommerce Shopping Cart plugin for WordPress is an eCommerce shopping cart plugin for WordPress based ...