15 matches found
CVE-2026-9065
SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
EUVD-2026-31072
SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
CVE-2026-9065 Surecart - SQL Injection
SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
CVE-2026-39488 WordPress SureCart plugin <= 4.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureCart: from n/a through <= 4.0.2...
CVE-2026-39488
Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureCart: from n/a through <= 4.0.2...
CVE-2024-43970
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS. This issue affects SureCart: from n/a through 2.29.3...
CVE-2024-43970
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS. This issue affects SureCart: from n/a through 2.29.3...
CVE-2024-43970 WordPress SureCart plugin <= 2.29.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS. This issue affects SureCart: from n/a through 2.29.3...
CVE-2024-43970
CVE-2024-43970 refers to a WordPress SureCart plugin vulnerability: Reflected XSS due to improper input neutralization during web page generation, affecting SureCart versions n/a–2.29.3. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) indicates network access, low attack complexity, req...
CVE-2024-43970 WordPress SureCart plugin <= 2.29.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS. This issue affects SureCart: from n/a through 2.29.3...
PT-2024-30833 · Surecart · Surecart
Name of the Vulnerable Software and Affected Versions: SureCart versions n/a through 2.29.3. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For versions n/a...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions...
CVE-2023-41241
CVE-2023-41241 affects SureCart WordPress Ecommerce For Creating Fast Online Stores plugin; vulnerable component is the admin-level Stored XSS in the plugin’s input handling, allowing stored XSS when authenticated as Administrator. Affected versions are
CVE-2023-41241 WordPress SureCart Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions...
WordPress SureCart Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: SureCart; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: 2.5.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41241; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: c666aa75b4dc; Credits: emad; Required privilege: Administrator; Publish...