
20 matches found

Patchstack
added 2026/04/20 10:33 a.m. · 2 views

WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Ecommerce Zone versions <= 0.9.7...

5.8 AI score
Exploits 0 · Affected Software 1
CNNVD
added 2026/03/06 12:0 a.m. · 2 views

WordPress plugin WP eCommerce security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3 CVSS · 5.8 AI score · 0.0002 EPSS
Exploits 0 · References 2
Patchstack
added 2026/02/15 6:56 p.m. · 4 views

WordPress WP eCommerce plugin <= 3.15.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin WP eCommerce versions <= 3.15.1...

6.5 CVSS · 5.6 AI score · 0.00023 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/11/11 3:30 a.m. · 4 views

CVE-2025-11457 EasyCommerce – AI-Powered, Blazing-Fast & Beautiful WordPress Ecommerce Plugin 0.9.0-beta2 - 1.8.2 - Unauthenticated Privilege Escalation

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles durin...

9.8 CVSS · 0.00174 EPSS
Exploits 0 · References 3
Vulnrichment
added 2025/06/17 3:1 p.m. · 2 views

CVE-2025-49331 WordPress eCommerce Product Catalog <= 3.4.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog allows Object Injection. This issue affects eCommerce Product Catalog: from n/a through 3.4.3...

7.2 CVSS · 7.1 AI score · 0.00398 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 5:14 a.m. · 5 views

CVE-2023-41241

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin = 2.5.0 versions...

5.9 CVSS · 5.6 AI score · 0.00148 EPSS
Exploits 0 · References 1
OSV
added 2024/06/07 4:15 a.m. · 0 views

CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker...

6.5 CVSS · 6 AI score
Exploits 0 · References 3
NVD
added 2024/06/07 4:15 a.m. · 10 views

CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker...

6.5 CVSS · 0.00819 EPSS
Exploits 0 · References 3
Cvelist
added 2024/06/07 3:42 a.m. · 21 views

CVE-2024-36082

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker...

0.00819 EPSS
Exploits 0 · References 3
OSV
added 2024/02/28 9:15 a.m. · 0 views

CVE-2024-1514

The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cartcontents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

7.5 CVSS · 7.3 AI score · 0.00681 EPSS
Exploits 0 · References 2
OSV
added 2024/02/28 9:15 a.m. · 1 views

CVE-2024-1516

The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the checkforsaaspush function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrar...

5.3 CVSS · 7.4 AI score
Exploits 0 · References 2
Patchstack
added 2023/11/17 12:0 a.m. · 7 views

WordPress eCommerce Product Catalog Plugin <= 3.3.26 is vulnerable to Cross Site Scripting (XSS)

Software: eCommerce Product Catalog; Type: Plugin; Vulnerable versions: <= 3.3.26; Fixed in: 3.3.27; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47839; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 6511afa732b3; Credits: LVT-tholv2k; Required...

6.5 CVSS · 6.6 AI score · 0.0017 EPSS
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2023/07/18 12:0 a.m. · 5 views

WordPress WordPress eCommerce Plugin – Studiocart Plugin < 2.5.20 is vulnerable to Cross Site Scripting (XSS)

Software: WordPress eCommerce Plugin – Studiocart; Type: Plugin; Vulnerable versions: < 2.5.20; Fixed in: 2.5.20; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 5eb1bf45cbd4; Credits: Rafie...

6.8 AI score
Exploits 0 · References 3 · Affected Software 1
Patchstack
added 2023/03/20 12:0 a.m. · 7 views

WordPress eCommerce Product Catalog Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS)

Software: eCommerce Product Catalog; Type: Plugin; Vulnerable versions: <= 3.3.8; Fixed in: 3.3.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1470; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: b594574ee607; Credits: Marco Wotschka...

4.8 CVSS · 5.8 AI score · 0.00242 EPSS
Exploits 0 · References 3 · Affected Software 1
Patchstack
added 2023/02/06 12:0 a.m. · 8 views

WordPress eCommerce Product Catalog Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)

Software: eCommerce Product Catalog; Type: Plugin; Vulnerable versions: <= 3.3.4; Fixed in: 3.3.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25049; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 0a25dfcf24b7; Credits: Abdi Pranata...

5.9 CVSS · 5.8 AI score · 0.00298 EPSS
Exploits 0 · References 2 · Affected Software 1
Packet Storm
added 2022/10/10 12:0 a.m. · 243 views

WordPress eCommerce Product Catalog 3.0.70 Cross Site Scripting

7.4 AI score
Exploits 0
Snyk
added 2022/09/13 8:13 a.m. · 1 views

Malicious Package

Overview @newfold-labs/wp-module-ecommerce is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
Positive Technologies
added 2021/09/13 12:0 a.m. · 3 views

PT-2021-16136 · WordPress · Wordpress Simple Ecommerce Shopping Cart Plugin- Sell Products Through Paypal

Name of the Vulnerable Software and Affected Versions: WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin versions 2.2.5 and earlier Description: The issue allows any file, such as PHP, to be uploaded by an administrator due to a lack of checks for uploaded...

8.8 CVSS · 9 AI score · 0.00202 EPSS
Exploits 2 · References 5
WPVulnDB
added 2017/10/01 12:0 a.m. · 11 views

MarketPress <= 3.2.6 - PHP Object Injection

The MarketPress plugin installs to a directory named wordpress-ecommerce. Versions 3.2.6 and prior are vulnerable to a PHP Object Injection attack from the cart cookie value stored in connection with this plugin. PoC: Send an object to the site using the mpglobalcart cookie value and it will be...

2.7 AI score
Exploits 0 · References 2 · Affected Software 1
Packet Storm
added 2015/02/09 12:0 a.m. · 24 views

WordPress Cart66 Lite 1.5.4 Cross Site Scripting

Title: WordPress 'Cart66 Lite :: WordPress Ecommerce' plugin - Reflected XSS Version: 1.5.4 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2015/01/26 Download: https://wordpress.org/plugins/cart66-lite/ Contacted WordPress: 2015/01/26...

7 AI score
Exploits 0