Skip to main content

Cart Lift

1 CVEs product

Monthly

CVE-2026-57417 HIGH This Week

Stored cross-site scripting in the RexTheme Cart Lift WordPress plugin (versions up to and including 3.1.57) lets an attacker persist malicious JavaScript that executes in a victim's browser when the affected page is viewed. Because the CVSS scope is marked changed, injected script can affect resources beyond the vulnerable component, such as the WordPress admin session viewing abandoned-cart data. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but stored XSS in a customer-facing e-commerce recovery plugin is a realistic session-hijacking and admin-compromise vector.

XSS Cart Lift
NVD
CVSS 3.1
7.1
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

Stored cross-site scripting in the RexTheme Cart Lift WordPress plugin (versions up to and including 3.1.57) lets an attacker persist malicious JavaScript that executes in a victim's browser when the affected page is viewed. Because the CVSS scope is marked changed, injected script can affect resources beyond the vulnerable component, such as the WordPress admin session viewing abandoned-cart data. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but stored XSS in a customer-facing e-commerce recovery plugin is a realistic session-hijacking and admin-compromise vector.

XSS Cart Lift
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy