Quick.Cart
CVE-2026-23797
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Description (CVE.org)
In Quick.Cart, user passwords are stored in plaintext. An attacker with high privileges can display users' passwords on the user editing page.
The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
Analysis (AI)
Quick.Cart version 6.7 stores user passwords in plaintext, allowing authenticated administrators to retrieve plaintext credentials through the user editing interface. This vulnerability poses a significant risk in multi-administrator environments where high-privileged users may abuse account access. …
Vulnerability Assessment (AI)
| Risk Assessment | CVSS 4.9 (MEDIUM). … |
| Exploit Scenario | An attacker could exploit this vulnerability to compromise the affected system. |
| Remediation | Monitor vendor advisories for a patch. … |
Recommended Action (AI)
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …
Same weakness: CWE-256 – Plaintext Storage of a Password
Same technique: Information Disclosure