Surecart
Monthly
Missing authorization controls in SureCart WordPress plugin versions up to 4.0.2 allow authenticated attackers to access or modify restricted data due to incorrectly configured access control security levels. With CVSS 6.3 (authenticated attack, low complexity, confidentiality/integrity/availability impact) and EPSS 0.02% exploitation probability, this represents a moderate-severity flaw affecting plugin deployments where user role separation is security-critical; no public exploit code or active exploitation has been confirmed.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS.29.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing authorization controls in SureCart WordPress plugin versions up to 4.0.2 allow authenticated attackers to access or modify restricted data due to incorrectly configured access control security levels. With CVSS 6.3 (authenticated attack, low complexity, confidentiality/integrity/availability impact) and EPSS 0.02% exploitation probability, this represents a moderate-severity flaw affecting plugin deployments where user role separation is security-critical; no public exploit code or active exploitation has been confirmed.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS.29.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.