Cart66 Lite
Monthly
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.