Simple Shopping Cart
Monthly
Unauthorized data access in the WordPress Simple Shopping Cart plugin (versions <= 5.2.9) allows remote unauthenticated attackers to retrieve sensitive information belonging to other users through an Insecure Direct Object Reference (IDOR) flaw. Per the CVSS vector (AV:N/AC:L/PR:N/UI:N), exploitation is network-reachable with low complexity and no authentication. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Unauthorized data access in the WordPress Simple Shopping Cart plugin (versions <= 5.2.9) allows remote unauthenticated attackers to retrieve sensitive information belonging to other users through an Insecure Direct Object Reference (IDOR) flaw. Per the CVSS vector (AV:N/AC:L/PR:N/UI:N), exploitation is network-reachable with low complexity and no authentication. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.