18 matches found
SMTP WP Plugin Directory Listing
The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and i...
EUVD-2024-52921
Malicious code in bioql PyPI...
CVE-2024-1516
The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrar...
CVE-2024-56023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PerfectSolution WP eCommerce Quickpay wp-ecommerce-quickpay allows Reflected XSS. This issue affects WP eCommerce Quickpay: from n/a through <= 1.1.0...
CVE-2024-56023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PerfectSolution WP eCommerce Quickpay wp-ecommerce-quickpay allows Reflected XSS. This issue affects WP eCommerce Quickpay: from n/a through <= 1.1.0...
CVE-2024-56023 WordPress WP eCommerce Quickpay plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PerfectSolution WP eCommerce Quickpay wp-ecommerce-quickpay allows Reflected XSS. This issue affects WP eCommerce Quickpay: from n/a through <= 1.1.0...
CVE-2024-56023
CVE-2024-56023 is a reflected XSS in WP eCommerce Quickpay (
Design/Logic Flaw
The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrar...
SQL injection
The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...
CVE-2024-1516
CVE-2024-1516 : WP eCommerce for WordPress suffers unauthorized arbitrary post creation due to a missing capability check in check_for_saas_push() in all versions up to 3.15.1. The vulnerability is exploitable by unauthenticated actors to create posts with arbitrary content. Technical details spe...
CVE-2024-1514
CVE-2024-1514 affects the WP eCommerce plugin for WordPress. It allows time-based blind SQL injection via the cart_contents parameter in all versions up to 3.15.1 due to insufficient escaping and lack of prepared statements, enabling unauthenticated attackers to append SQL to existing queries to ...
CVE-2024-1514 WP eCommerce <= 3.15.1 - Unauthenticated SQL Injection
The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...
WordPress WP eCommerce Plugin <= 3.15.1 is vulnerable to SQL Injection
Software: WP eCommerce; Type: Plugin; Vulnerable versions: <= 3.15.1; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-1514; Patch priority: High; CVSS severity: High (9.3); PSID: f754fed772bb; Credits: Krzysztof Zając; Required privilege: Unauthenticated...
Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5
Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-05 Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling Vendor: https://profiles.wordpress.org/haet/ Vendor Notified: 2015-07-05, fixed...
WP eCommerce <= 3.8.7.5 - Unspecified SQL Injection
The WP eCommerce WordPress plugin was affected by an Unspecified SQL Injection security vulnerability...
WordPress WP-Ecommerce with Bradesco Gateway 'falha.php' XSS Vulnerability
WordPress WP-Ecommerce with Bradesco Gateway Plugin is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
CVE-2013-0724
PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter...
CVE-2011-5104
Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the customtext parameter. NOTE: some of these details are obtained from third party...