17 matches found
CVE-2025-67971
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through 1.3.0...
CVE-2025-67971
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through 1.3.0...
CVE-2025-67971 WordPress FluentCart plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through 1.3.0...
CVE-2025-67971 WordPress FluentCart plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through 1.3.0...
CVE-2025-67971
CVE-2025-67971 is a Reflected Cross-Site Scripting vulnerability in FluentCart (WPManageNinja FluentCart fluent-cart) affecting versions before 1.3.0. The CVE entry lists a CVSS v3.1 base score of 7.1 (HIGH) with NETWORK attack vector, LOW impact on confidentiality/integrity/availability, and UI ...
PT-2026-21045
Name of the Vulnerable Software and Affected Versions FluentCart versions prior to 1.3.0 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows an attacker to inject...
WordPress plugin FluentCart 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress FluentCart plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by benzdeus in WordPress Plugin FluentCart versions 1.3.0...
CVE-2025-13495
The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-13495
The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-13495 FluentCart A New Era of eCommerce <= 1.3.1 - Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter
The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-13495 FluentCart A New Era of eCommerce <= 1.3.1 - Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter
The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-13495
CVE-2025-13495 affects FluentCart A New Era of eCommerce WordPress plugin up to version 1.3.1. The vulnerability is an authenticated SQL Injection via the groupKey parameter, exploitable by Administrators with high privileges. Public advisories (Wordfence, Patchstack, NVD) confirm the issue and p...
EUVD-2025-200728
The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-48793
The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress plugin FluentCart SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...
WordPress FluentCart A New Era of eCommerce plugin <= 1.3.1 - Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter vulnerability
Authenticated Administrator+ SQL Injection via 'groupKey' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin FluentCart versions = 1.3.1...