EUVD-2013-2644
Malware in sbrugna...
CVE-2025-3890 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpcartbutton' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-3874 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and...
CVE-2025-3889 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity'
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'processpaymentdata' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the...
CVE-2025-3530 WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'producttmptwo'...
CVE-2025-3529
CVE-2025-3529 affects the WordPress WordPress Simple Shopping Cart plugin (versions up to 5.1.2). The issue is an unauthenticated "Sensitive Information Exposure" via the file_url parameter, allowing an attacker to view sensitive data and download a digital product without paying. Root cause: imp...
CVE-2025-3530
CVE-2025-3530 – WordPress Simple Shopping Cart (plugin) vulnerability: All versions up to and including 5.1.2 are susceptible to unauthenticated price manipulation due to a logic flaw in the cart-add path. The code inconsistently uses the parameters: it hashes pricing with the product_tmp_two pa...
CVE-2019-5992
Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2019-5992
The CVE-2019-5992 entry concerns the WordPress plugin WordPress Ultra Simple Paypal Shopping Cart (versions 4.4 and earlier). The vulnerability is Cross-Site Request Forgery (CSRF) that can allow an attacker to hijack an administrator’s authenticated actions via unspecified vectors. Documented im...
CVE-2013-2705
Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings...
CVE-2013-2705
CVE-2013-2705 is a CSRF vulnerability in the WordPress Simple PayPal Shopping Cart plugin (pre-3.6). It allows remote attackers to hijack the administrator’s session and perform plugin-setting changes. Affected: WordPress plugin versions before 3.6. Exploitation details are not provided in the do...