23 matches found
EUVD-2023-56384
Malicious code in bioql PyPI...
CVE-2024-12712 Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses...
CVE-2024-7827 Shopping Cart & eCommerce Store <= 5.7.2 - Authenticated (Contributor+) SQL Injection via model_number Parameter
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'model_number' parameter in all versions up to, and including, 5.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...
PT-2024-38612
Name of the Vulnerable Software and Affected Versions: The Shopping Cart & eCommerce Store plugin for WordPress versions up to, and including, 5.7.2 Description: The issue is related to boolean-based SQL Injection via the model number parameter due to insufficient escaping on the user-supplied...
WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin WP EasyCart versions <= 5.5.19...
WordPress Plugin Shopping Cart & eCommerce Store Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin Shopping Cart & eCommerce Store A...
CVE-2024-3211
CVE-2024-3211 affects the WordPress plugin Shopping Cart & eCommerce Store (wp-easycart) for versions up to 5.6.3. The vulnerability is an SQL Injection via the ec_addtocart shortcode’s productid attribute, caused by insufficient escaping and inadequate query preparation. This allows authenticate...
CVE-2024-3211 Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
PT-2024-24416 · WordPress · Shopping Cart & Ecommerce Store
Name of the Vulnerable Software and Affected Versions: The Shopping Cart & eCommerce Store plugin for WordPress versions up to, and including, 5.6.3 Description: The issue arises from insufficient escaping on the user-supplied productid attribute of the ec_addtocart shortcode and lack of sufficie...
WordPress Plugin Shopping Cart & eCommerce Store Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files eCommerce Store & Payments Made Easy allows Stored XSS. This issue affects Easy Digital Downloads – Sell Digital Files eCommerce...
CVE-2023-1124 Shopping Cart & eCommerce Store < 5.4.3 - Admin+ LFI
The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks...
CVE-2023-1124
CVE-2023-1124 affects the Shopping Cart & eCommerce Store WordPress plugin (versions before 5.4.3). The vulnerability arises from not validating HTTP requests, allowing authenticated administrators to perform Local File Inclusion (LFI) attacks. Impact is high for confidentiality, integrity, and a...
WordPress plugin Shopping Cart & eCommerce Store Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A path traversal vulnerability exists in th...
Shopping Cart & eCommerce Store < 5.4.3 - Admin+ LFI
The plugin does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. PoC 1. Login as Admin. 2. Go to wp-admin/admin.php?page=wp-easycart-products&subpage=products 3. Click on Import Products. Browse any file and click on import file. Intercept the...
Shopping Cart & eCommerce Store < 5.4.3 - Admin+ LFI
The plugin does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. 1. Login as Admin. 2. Go to wp-admin/admin.php?page=wp-easycart-products&subpage=products 3. Click on Import Products. Browse any file and click on import file. Intercept the...
CVE-2022-35493
A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter...
CVE-2022-35493
CVE-2022-35493 affects eShop - Multipurpose Ecommerce Store Website version 3.0.4. Nuclei template and Red Hat/NVD references identify a reflected Cross-Site Scripting (XSS) vulnerability in the json search parse and the json response, exploitable via the get_products?search parameter on wrteam.i...
Shopping Cart & eCommerce Store < 5.2.5 - Arbitrary Design Settings Update via CSRF
The plugin is lacking CSRF checks in various AJAX actions, such as ec_admin_ajax_save_design_settings, which could allow attackers to make a logged in admin update arbitrary settings, e.g. to disable the Live Design Editor or to set the custom CSS setting to body { background-color: red; }...
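The entries above for this one plugin cluster into three defect classes that recur across WordPress plugins: a shortcode attribute concatenated into SQL (CVE-2024-3211), an admin AJAX action with no nonce or capability check (the CSRF entry directly above, and the missing authorization in CVE-2024-12712), and a webhook that changes order state for an unauthenticated caller. The PHP below is an added illustration of each defect beside its hardened form; it is not code from WP EasyCart or from any advisory listed here. The plugin prefix acme_, the table and option names, the nonce action and the X-Acme-Signature header are assumptions made for the example.

```php
<?php
// Added example, not WP EasyCart code. All acme_* names, tables, options,
// the nonce action and the signature header are assumptions.

// ---- 1. Shortcode attribute into SQL (cf. CVE-2024-3211) ----------------
// Vulnerable: a Contributor who can publish shortcodes controls the WHERE clause.
function acme_addtocart_vulnerable( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'product_id' => '' ), $atts, 'acme_addtocart' );
    $row  = $wpdb->get_row( "SELECT title FROM {$wpdb->prefix}acme_products WHERE product_id = " . $atts['product_id'] );
    return $row ? esc_html( $row->title ) : '';
}
// Hardened: cast to int, bind with $wpdb->prepare(), escape on output.
function acme_addtocart_hardened( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'product_id' => 0 ), $atts, 'acme_addtocart' );
    $id   = absint( $atts['product_id'] );
    if ( 0 === $id ) {
        return '';
    }
    $row = $wpdb->get_row( $wpdb->prepare(
        "SELECT title FROM {$wpdb->prefix}acme_products WHERE product_id = %d", $id
    ) );
    return $row ? esc_html( $row->title ) : '';
}
add_shortcode( 'acme_addtocart', 'acme_addtocart_hardened' );

// ---- 2. Admin AJAX action: CSRF and authorization -----------------------
// Vulnerable: wp_ajax_ only proves *someone* is logged in; a forged request
// riding on an admin's session saves attacker-chosen CSS.
function acme_save_design_settings_vulnerable() {
    update_option( 'acme_custom_css', wp_unslash( $_POST['custom_css'] ) );
    wp_send_json_success();
}
// Hardened: nonce (CSRF) AND capability (authorization); neither replaces the other.
function acme_save_design_settings_hardened() {
    check_ajax_referer( 'acme_design_settings', 'nonce' ); // dies on failure
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $css = isset( $_POST['custom_css'] ) ? wp_strip_all_tags( wp_unslash( $_POST['custom_css'] ) ) : '';
    update_option( 'acme_custom_css', $css );
    wp_send_json_success();
}
add_action( 'wp_ajax_acme_save_design_settings', 'acme_save_design_settings_hardened' );
// No wp_ajax_nopriv_ hook on purpose: anonymous callers never reach it.

// ---- 3. Webhook that changes order status (cf. CVE-2024-12712) ----------
// Vulnerable: anyone who can reach admin-ajax.php can mark any order paid.
function acme_webhook_vulnerable() {
    global $wpdb;
    $wpdb->update(
        $wpdb->prefix . 'acme_orders',
        array( 'status' => sanitize_key( $_POST['status'] ) ),
        array( 'order_id' => absint( $_POST['order_id'] ) )
    );
    wp_send_json_success();
}
// Hardened: a webhook has no logged-in user, so authenticate the sender with
// an HMAC over the raw body under a secret shared with the payment provider,
// compared in constant time, then allow-list the state transition.
function acme_webhook_hardened() {
    global $wpdb;
    $raw    = file_get_contents( 'php://input' );
    $secret = (string) get_option( 'acme_webhook_secret', '' );
    $given  = isset( $_SERVER['HTTP_X_ACME_SIGNATURE'] ) ? (string) $_SERVER['HTTP_X_ACME_SIGNATURE'] : '';
    if ( '' === $secret || ! hash_equals( hash_hmac( 'sha256', $raw, $secret ), $given ) ) {
        wp_send_json_error( 'bad signature', 401 );
    }
    $payload = json_decode( $raw, true );
    $allowed = array( 'paid', 'failed', 'refunded' );
    if ( ! is_array( $payload ) || ! in_array( $payload['status'] ?? '', $allowed, true ) ) {
        wp_send_json_error( 'bad payload', 400 );
    }
    $wpdb->update(
        $wpdb->prefix . 'acme_orders',
        array( 'status' => $payload['status'] ),
        array( 'order_id' => absint( $payload['order_id'] ?? 0 ) ),
        array( '%s' ),
        array( '%d' )
    );
    wp_send_json_success();
}
add_action( 'wp_ajax_nopriv_acme_webhook', 'acme_webhook_hardened' );
add_action( 'wp_ajax_acme_webhook', 'acme_webhook_hardened' );
```

When reviewing a plugin for the classes above, the quick checks are: every `$wpdb->query`/`get_*` call whose SQL contains a variable goes through `$wpdb->prepare()`; every `wp_ajax_*` handler that writes state calls both `check_ajax_referer()` and `current_user_can()`; and every `wp_ajax_nopriv_*` handler that writes state proves the sender's identity by some means other than the WordPress login, since by definition there is none.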