12 matches found
WordPress Simple Shopping Cart plugin <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'wpscdisplayproduct' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Shopping Cart versions = 5.2.4...
CVE-2025-3889
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'processpaymentdata' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the...
CVE-2023-1431
The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location /wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/...
WordPress Shopping Cart & eCommerce Store plugin <= 5.2.4 - Arbitrary Design Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Design Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by WPScanTeam in WordPress Shopping Cart & eCommerce Store plugin versions = 5.2.4. Solution Update the WordPress Shopping Cart & eCommerce Store plugin to the latest available version at least 5.2.5...
WordPress Shopping Cart 3.0.4 --任意文件上传
受影响版本: WordPress Shopping Cart 3.0.4 日期: 29-10-2014 软件链接: https://wordpress.org/plugins/wp-easycart/ CVE: CVE-2014-9308 类别: 应用程序漏洞详情:任何注册用户都可以上传任何文件。上传点: wp-easycart\inc\amfphp\administration\banneruploaderscript.php$date = $POST'datemd5';$usersqlquery = sprintf"SELECT ecuser., ecrole.adminaccess...
CVE-2014-9308
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart aka WordPress Shopping Cart plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...
CVE-2014-9308
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart aka WordPress Shopping Cart plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...
WordPress Shopping Cart 3.0.4 Unrestricted File Upload
Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload Date: 29-10-2014 Software Link: https://wordpress.org/plugins/wp-easycart/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-9308 Category: webapps 1...
WordPress Shopping Cart 3.0.4 - Unrestricted File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload Date: 29-10-2014 Software Link: https://wordpress.org/plugins/wp-easycart/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...
WordPress Shopping Cart Plugin Multiple Vulnerabilities
WordPress Shopping Cart Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress Plugin Shopping Cart for WordPress - wp-contentpluginslevelfourstorefrontscriptsadministrationexportaccounts.php?reqID SQL Injection
WordPress Plugin Shopping Cart for WordPress - wp-contentpluginslevelfourstorefrontscriptsadministrationexportaccounts.php?reqID SQL Injection source: https://www.securityfocus.com/bid/57101/info The WordPress Shopping Cart plugin for WordPress is prone to multiple SQL-injection vulnerabilities a...
WordPress Plugin Shopping Cart for WordPress - wp-contentpluginslevelfourstorefrontscriptsadministrationbackup.php?reqID SQL Injection
WordPress Plugin Shopping Cart for WordPress - wp-contentpluginslevelfourstorefrontscriptsadministrationbackup.php?reqID SQL Injection source: https://www.securityfocus.com/bid/57101/info The WordPress Shopping Cart plugin for WordPress is prone to multiple SQL-injection vulnerabilities and an...