CVE-2026-8880

The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute and other attributes of the romancartbutton shortcode in versions up to, and including, 2.0.8. This is due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-8880

The RomanCart Ecommerce WordPress plugin (

EUVD-2026-35305

The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute and other attributes of the romancartbutton shortcode in versions up to, and including, 2.0.8. This is due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-8880 RomanCart Ecommerce <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute and other attributes of the romancartbutton shortcode in versions up to, and including, 2.0.8. This is due to insufficient input sanitization and output escaping on user supplied...

PT-2026-47674

The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute and other attributes of the romancart button shortcode in versions up to, and including, 2.0.8. This is due to insufficient input sanitization and output escaping on user supplied...

WordPress RomanCart Ecommerce plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin RomanCart Ecommerce versions = 2.0.8...

CVE-2025-23685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS.This issue affects RomanCart: from n/a through = 0.0.2...

EUVD-2025-3343

Malicious code in bioql PyPI...

CVE-2025-23685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS.This issue affects RomanCart: from n/a through = 0.0.2...

CVE-2025-23685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS.This issue affects RomanCart: from n/a through = 0.0.2...

CVE-2025-23685 WordPress RomanCart On WordPress plugin <= 0.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS.This issue affects RomanCart: from n/a through = 0.0.2...

CVE-2025-23685 WordPress RomanCart On WordPress plugin <= 0.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS.This issue affects RomanCart: from n/a through = 0.0.2...

CVE-2025-23685

CVE-2025-23685 is a Reflected XSS in the WordPress plugin RomanCart (NotFound RomanCart) affecting versions up to 0.0.2. The issue stems from improper input neutralization during web page generation. Public vulnerability details are provided in multiple connected entries (Red Hat, NVD, CVE list) ...

PT-2025-5022 · Romancart · Romancart

Name of the Vulnerable Software and Affected Versions: RomanCart versions n/a through 0.0.2 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Reflected XSS in NotFound RomanCart. Recommendations: F...

WordPress plugin RomanCart 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress RomanCart On WordPress plugin <= 0.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin RomanCart versions = 0.0.2...