Skip to main content

Cart Lift CVE-2026-57417

| EUVDEUVD-2026-43345 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-07-13 Patchstack
7.1
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
vuln.today AI
6.1 MEDIUM

Unauthenticated network injection (PR:N/AV:N) but stored payload needs a victim to view it (UI:R); scope change from browser context (S:C) with low confidentiality/integrity impact and no meaningful availability effect (A:N).

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Jul 13, 2026 - 10:54 vuln.today
CVE Published
Jul 13, 2026 - 08:41 cve.org
HIGH 7.1

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through <= 3.1.57.

AnalysisAI

Stored cross-site scripting in the RexTheme Cart Lift WordPress plugin (versions up to and including 3.1.57) lets an attacker persist malicious JavaScript that executes in a victim's browser when the affected page is viewed. Because the CVSS scope is marked changed, injected script can affect resources beyond the vulnerable component, such as the WordPress admin session viewing abandoned-cart data. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Submit crafted input via Cart Lift capture form
Delivery
Payload stored unsanitized in plugin data
Exploit
Admin opens abandoned-cart dashboard
Execution
Stored script executes in admin browser
Impact
Hijack session or forge admin actions

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to get a malicious value stored by Cart Lift (via its cart/lead capture inputs) and then requires a victim - most plausibly a WordPress administrator or staff member - to view the page where that stored value is rendered (UI:R in the CVSS vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) reflects network reach, low complexity, no privileges, but required user interaction and only low-magnitude confidentiality/integrity/availability impact, elevated by a changed scope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker submits a crafted cart or contact value containing a script payload through a customer-facing Cart Lift capture flow; the value is stored and later rendered when a store administrator opens the abandoned-cart dashboard, executing the script in the admin's authenticated session. Given the network vector and low complexity, the payload could attempt session/cookie theft or admin action forgery; no public POC is currently identified, so this remains a plausible rather than demonstrated chain.
Remediation No vendor-released patched version is identified in the provided data - the advisory only confirms all versions up to and including 3.1.57 are vulnerable - so administrators should monitor RexTheme/Patchstack (https://patchstack.com/database/Wordpress/Plugin/cart-lift/vulnerability/wordpress-cart-lift-plugin-3-1-57-cross-site-scripting-xss-vulnerability) for a release above 3.1.57 and upgrade to it as soon as it is published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all WordPress instances running Cart Lift plugin version 3.1.57 or earlier and document customer exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57417 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy