WordPress WP eStore plugin < 8.5.5 - Reflected XSS in Discount Editing vulnerability
Reflected XSS in Discount Editing vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.5...
WordPress WP eStore plugin < 8.5.5 - Reflected XSS in Customer Editing vulnerability
Reflected XSS in Customer Editing vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.5...
WordPress WP eStore plugin < 8.5.5 - Reflected XSS in Category Editing vulnerability
Reflected XSS in Category Editing vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.5...
WordPress WP eStore plugin < 8.5.6 - Reflected XSS in Product Editing vulnerability
Reflected XSS in Product Editing vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.6...
EUVD-2003-0579
Malware in sbrugna...
EUVD-2003-0580
Malware in sbrugna...
EUVD-2007-4609
Malware in sbrugna...
WordPress WP eStore plugin < 8.5.6 - Settings Reset via CSRF vulnerability
Settings Reset via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.6...
WordPress WP eStore plugin < 8.5.6 - Reflected XSS in Customer Search vulnerability
Reflected XSS in Customer Search vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.6...
WordPress WP eStore Plugin < 8.5.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP eStore; Type: Plugin; Vulnerable versions: 8.5.6; Fixed in: 8.5.6; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-6136; Patch priority: Low; CVSS severity: Low (5.4); PSID: cbacff106a90; Credits: Bob Matyas; Required privileg...
WordPress WP eStore Plugin < 8.5.6 is vulnerable to Cross Site Scripting (XSS)
Software: WP eStore; Type: Plugin; Vulnerable versions: 8.5.6; Fixed in: 8.5.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6133; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 0478cdd4af65; Credits: Bob Matyas; Required...
CVE-2024-6134
CVE-2024-6134 affects wp-cart-for-digital-products (WordPress plugin) prior to version 8.5.6. The vulnerability is a Reflected XSS caused by insufficient sanitization/escaping of a parameter before it is echoed on the page, potentially affecting high-privilege users (admin). The issue is publicly...
CVE-2024-6134 WP eStore < 8.5.6 - Reflected XSS in Product Editing
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-6133 WP eStore < 8.5.6 - Reflected XSS in Customer Search
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-6136 WP eStore < 8.5.6 - Settings Reset via CSRF
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-6136
The CVE-2024-6136 entry concerns wp-cart-for-digital-products for WordPress (pre-8.5.6) lacking CSRF checks in certain areas, potentially enabling a logged-in attacker to cause unintended actions via CSRF. Public advisories from connected sources confirm the issue and note the impact is a CSRF vu...
CVE-2024-6133
The vulnerability CVE-2024-6133 affects the WordPress plugin wp-cart-for-digital-products (pre-8.5.6). The issue is a Reflected Cross-Site Scripting flaw where a parameter is not sanitized/escaped before output, potentially affecting high-privilege users (e.g., admins). Root cause: inadequate inp...
eStore CMS 2.0 SQL Injection
Title: eStore CMS v2.0 SQL Injection Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox 125.0.1 64 bits | Vendor...