Lucene search
+L

12 matches found

patchstack
patchstack
added 2026/04/03 11:2 p.m.5 views

WordPress Simple Shopping Cart plugin <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'wpscdisplayproduct' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Shopping Cart versions = 5.2.4...

6.4CVSS5.9AI score0.00195EPSS
Exploits0References1Affected Software1
osv
osv
added 2025/05/01 12:15 p.m.4 views

CVE-2025-3889

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'processpaymentdata' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the...

5.3CVSS5.7AI score0.00302EPSS
Exploits0References5
osv
osv
added 2023/03/16 1:15 p.m.3 views

CVE-2023-1431

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location /wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/...

5.3CVSS6.6AI score0.00549EPSS
Exploits0References2
patchstack
patchstack
added 2022/03/28 12:0 a.m.10 views

WordPress Shopping Cart & eCommerce Store plugin <= 5.2.4 - Arbitrary Design Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Design Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by WPScanTeam in WordPress Shopping Cart & eCommerce Store plugin versions = 5.2.4. Solution Update the WordPress Shopping Cart & eCommerce Store plugin to the latest available version at least 5.2.5...

4.4AI score
Exploits0References2Affected Software1
seebug
seebug
added 2015/08/31 12:0 a.m.30 views

WordPress Shopping Cart 3.0.4 --任意文件上传

受影响版本: WordPress Shopping Cart 3.0.4 日期: 29-10-2014 软件链接: https://wordpress.org/plugins/wp-easycart/ CVE: CVE-2014-9308 类别: 应用程序漏洞详情:任何注册用户都可以上传任何文件。上传点: wp-easycart\inc\amfphp\administration\banneruploaderscript.php$date = $POST'datemd5';$usersqlquery = sprintf"SELECT ecuser., ecrole.adminaccess...

6.5CVSS6.5AI score0.51617EPSS
Exploits7
nvd
nvd
added 2015/01/15 3:59 p.m.26 views

CVE-2014-9308

Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart aka WordPress Shopping Cart plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...

6.5CVSS7.1AI score0.51617EPSS
Exploits7References6
cvelist
cvelist
added 2015/01/15 3:0 p.m.27 views

CVE-2014-9308

Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart aka WordPress Shopping Cart plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...

7.1AI score0.51617EPSS
Exploits7References6
packetstorm
packetstorm
added 2015/01/09 12:0 a.m.35 views

WordPress Shopping Cart 3.0.4 Unrestricted File Upload

Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload Date: 29-10-2014 Software Link: https://wordpress.org/plugins/wp-easycart/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-9308 Category: webapps 1...

6.5CVSS0.4AI score0.51617EPSS
Exploits7
zdt
zdt
added 2015/01/08 12:0 a.m.56 views

WordPress Shopping Cart 3.0.4 - Unrestricted File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload Date: 29-10-2014 Software Link: https://wordpress.org/plugins/wp-easycart/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...

6.5CVSS0.4AI score0.51617EPSS
Exploits7
openvas
openvas
added 2013/01/17 12:0 a.m.15 views

WordPress Shopping Cart Plugin Multiple Vulnerabilities

WordPress Shopping Cart Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.3AI score
Exploits0References5
exploitpack
exploitpack
added 2013/01/01 12:0 a.m.12 views

WordPress Plugin Shopping Cart for WordPress - wp-contentpluginslevelfourstorefrontscriptsadministrationexportaccounts.php?reqID SQL Injection

WordPress Plugin Shopping Cart for WordPress - wp-contentpluginslevelfourstorefrontscriptsadministrationexportaccounts.php?reqID SQL Injection source: https://www.securityfocus.com/bid/57101/info The WordPress Shopping Cart plugin for WordPress is prone to multiple SQL-injection vulnerabilities a...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2013/01/01 12:0 a.m.11 views

WordPress Plugin Shopping Cart for WordPress - wp-contentpluginslevelfourstorefrontscriptsadministrationbackup.php?reqID SQL Injection

WordPress Plugin Shopping Cart for WordPress - wp-contentpluginslevelfourstorefrontscriptsadministrationbackup.php?reqID SQL Injection source: https://www.securityfocus.com/bid/57101/info The WordPress Shopping Cart plugin for WordPress is prone to multiple SQL-injection vulnerabilities and an...

0.5AI score
Exploits0
Rows per page
Query Builder