WordPress plugin WP eCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress WP eCommerce plugin <= 3.15.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin WP eCommerce versions = 3.15.1...

CVE-2024-1514

The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cartcontents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

WordPress WordPress eCommerce Plugin – Studiocart Plugin < 2.5.20 is vulnerable to Cross Site Scripting (XSS)

Software WordPress eCommerce Plugin – Studiocart Type Plugin Vulnerable versions 2.5.20 Fixed in 2.5.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5eb1bf45cbd4 Credits Rafie...

PT-2021-16136 · WordPress · Wordpress Simple Ecommerce Shopping Cart Plugin- Sell Products Through Paypal

Name of the Vulnerable Software and Affected Versions: WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin versions 2.2.5 and earlier Description: The issue allows any file, such as PHP, to be uploaded by an administrator due to a lack of checks for uploaded...