Skip to main content

Surecart

3 CVEs product

Monthly

CVE-2026-39488 MEDIUM This Month

Missing authorization controls in SureCart WordPress plugin versions up to 4.0.2 allow authenticated attackers to access or modify restricted data due to incorrectly configured access control security levels. With CVSS 6.3 (authenticated attack, low complexity, confidentiality/integrity/availability impact) and EPSS 0.02% exploitation probability, this represents a moderate-severity flaw affecting plugin deployments where user role separation is security-critical; no public exploit code or active exploitation has been confirmed.

Authentication Bypass Surecart
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-43970 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS.29.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Surecart
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41241 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Surecart
NVD
CVSS 3.1
4.8
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing authorization controls in SureCart WordPress plugin versions up to 4.0.2 allow authenticated attackers to access or modify restricted data due to incorrectly configured access control security levels. With CVSS 6.3 (authenticated attack, low complexity, confidentiality/integrity/availability impact) and EPSS 0.02% exploitation probability, this represents a moderate-severity flaw affecting plugin deployments where user role separation is security-critical; no public exploit code or active exploitation has been confirmed.

Authentication Bypass Surecart
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS.29.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Surecart
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Surecart
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy