Lucene search
+L

14 matches found

nvd
nvd
added 6 days ago7 views

CVE-2026-7655

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook...

8.1CVSS0.00302EPSS
Exploits0References2
euvd
euvd
added 6 days ago6 views

EUVD-2026-43148

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook...

8.1CVSS6.1AI score0.00302EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-57314 WordPress SureCart plugin <= 4.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in SureCart = 4.3.2 versions...

7.1CVSS0.0018EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 2:52 p.m.32 views

CVE-2026-57313 WordPress SureCart plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in SureCart = 4.2.2 versions...

6.5CVSS0.00211EPSS
Exploits0References1
cve
cve
added 2026/06/26 2:52 p.m.14 views

CVE-2026-57314

CVE-2026-57314 affects the WordPress SureCart plugin ≤ 4.3.2 with an unauthenticated reflected XSS vulnerability. The impact per the records is LOW confidentiality/integrity/availability, high overall severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). The root cause involves improper handl...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39488 WordPress SureCart plugin <= 4.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through = 4.0.2...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References1
patchstack
patchstack
added 2026/03/26 6:31 a.m.7 views

WordPress SureCart plugin <= 4.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin SureCart versions = 4.0.2...

6.3CVSS5.9AI score0.00184EPSS
Exploits0Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-45758

Malicious code in bioql PyPI...

5.9CVSS6.5AI score0.003EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 5:14 a.m.9 views

CVE-2023-41241

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin = 2.5.0 versions...

5.9CVSS5.6AI score0.003EPSS
Exploits0References1
nessus
nessus
added 2024/11/26 12:0 a.m.6 views

Surecart Plugin for WordPress < 2.30.0 SQL Injection

The WordPress Surecart Plugin installed on the remote host is affected by an unauthenticated SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

8.6AI score
Exploits0References3
patchstack
patchstack
added 2024/08/28 9:2 a.m.4 views

WordPress SureCart plugin <= 2.29.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin SureCart versions = 2.29.3...

7.1CVSS6.1AI score0.00256EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2024/08/28 12:0 a.m.10 views

WordPress SureCart Plugin <= 2.29.3 is vulnerable to Cross Site Scripting (XSS)

Software SureCart Type Plugin Vulnerable versions = 2.29.3 Fixed in 2.29.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43970 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 031e83213ccc Credits Le Ngoc Anh Required privilege...

7.1CVSS6.6AI score0.00256EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2023/09/27 12:0 a.m.9 views

WordPress plugin WordPress Ecommerce For Creating Fast Online Stores - By SureCart Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WordPress Ecommerce For...

5.9CVSS6AI score0.003EPSS
Exploits0References2
wpvulndb
wpvulndb
added 2023/09/27 12:0 a.m.12 views

SureCart < 2.5.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.003EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder