42 matches found
CVE-2025-13239 Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution submit_checkout behavioral workflow
A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submitcheckout. Such manipulation of the argument ordertotalamount/carttotalamount leads to enforcement of...
EUVD-2017-9094
Malware in sbrugna...
EUVD-2009-0385
Malware in sbrugna...
EUVD-2024-27097
Malicious code in bioql PyPI...
CVE-2024-12128
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthlysalescurrentyear’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This mak...
CVE-2024-12253
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'savesettings', 'exportcsv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it...
CVE-2023-51533
Cross-Site Request Forgery CSRF vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4...
CVE-2023-6292
The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-2432
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwidupdatepluginparams function. This makes it possible for unauthenticated attackers to updat...
CVE-2024-12128
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthlysalescurrentyear’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This mak...
CVE-2024-12253
CVE-2024-12253 concerns the WordPress plugin “Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal” (versions up to 3.1.2). The issue is a missing capability check on actions including ‘save_settings’, ‘export_csv’, and ‘simpleecommcart-action’, which allows an attacker with subscr...
CVE-2024-12253 Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update / Data Access
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'savesettings', 'exportcsv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it...
CVE-2024-12253 Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update / Data Access
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'savesettings', 'exportcsv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it...
CVE-2024-2133
A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manageinvoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross si...
Cross site scripting
A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manageinvoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross si...
CVE-2024-2133 Bdtask Isshue Multi Store eCommerce Shopping Cart Solution Manage Sale Page manage_invoice cross site scripting
A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manageinvoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross si...
PT-2024-18856 · Unknown · Bdtask Isshue Multi Store Ecommerce Shopping Cart Solution
Name of the Vulnerable Software and Affected Versions: Bdtask Isshue Multi Store eCommerce Shopping Cart Solution version 4.0 Description: A problematic issue was found in the Manage Sale Page component, specifically affecting the /dashboard/Cinvoice/manage invoice file. The manipulation of the...
PT-2024-14926 · WordPress · Ecwid Ecommerce Shopping Cart
Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart WordPress plugin versions prior to 6.12.5 Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
PT-2023-19569 · Ecwid · Ecwid Ecommerce Shopping Cart
Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart plugin versions = 6.11.4 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability requires authentication and affects users with contributor or higher permissions...
Wordpress plugin Ecommerce Shopping Cart 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...