
CVE-2024-6072 – WP eStore < 8.5.5 - Reflected XSS via $_SERVER['REQUEST_URI']
https://notcve.org/view.php?id=CVE-2024-6072
24 Jun 2024 — The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. The WP eStore plugin for WordPress is vul... • https://wpscan.com/vulnerability/1d8a344b-37e9-41e8-9de0-c67b7ca8e21b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-6073 – WP eStore < 8.5.5 - Reflected XSS in Discount Editing
https://notcve.org/view.php?id=CVE-2024-6073
24 Jun 2024 — The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. • https://wpscan.com/vulnerability/f04994bc-9eef-46de-995b-8598f7a749c4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-6074 – WP eStore < 8.5.5 - Reflected XSS in Customer Editing
https://notcve.org/view.php?id=CVE-2024-6074
24 Jun 2024 — The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. • https://wpscan.com/vulnerability/e518af46-cb8e-43ff-a7c1-5300b36d9113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-6075 – WP eStore < 8.5.5 - Coupon Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-6075
24 Jun 2024 — The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. The WP eStore plugin for WordPress is vulnerable... • https://wpscan.com/vulnerability/b0e2658a-b075-48b6-a9d9-e141194117fc • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-6076 – WP eStore < 8.5.5 - Reflected XSS in Category Editing
https://notcve.org/view.php?id=CVE-2024-6076
24 Jun 2024 — The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. • https://wpscan.com/vulnerability/8369a2d8-1780-40c3-90ff-a826b9e9afd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')