Skip to main content

Wordpress Simple Paypal Shopping Cart

6 CVEs product

Monthly

CVE-2025-3890 MEDIUM This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' shortcode in all versions up to, and including, 5.1.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Simple Paypal Shopping Cart PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3889 MEDIUM PATCH This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Wordpress Simple Paypal Shopping Cart PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-3874 MEDIUM PATCH This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Wordpress Simple Paypal Shopping Cart PHP
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-6497 MEDIUM PATCH This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wordpress Simple Paypal Shopping Cart
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-1431 MEDIUM This Month

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wordpress Simple Paypal Shopping Cart
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2013-2705 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Wordpress Simple Paypal Shopping Cart
NVD
CVSS 2.0
6.8
EPSS
0.1%
EPSS 0% CVSS 6.4
MEDIUM This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' shortcode in all versions up to, and including, 5.1.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Simple Paypal Shopping Cart +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Wordpress Simple Paypal Shopping Cart +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Wordpress Simple Paypal Shopping Cart +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wordpress Simple Paypal Shopping Cart
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wordpress Simple Paypal Shopping Cart
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Wordpress Simple Paypal Shopping Cart
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy