Tipsandtricks-hq

Wp Estore

8 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.23%
  • Published 12.08.2024 13:38:38
  • Last modified 08.05.2025 19:39:41

The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Exploit
  • EPSS 0.29%
  • Published 12.08.2024 13:38:38
  • Last modified 08.05.2025 19:42:35

The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Exploit
  • EPSS 0.28%
  • Published 12.08.2024 13:38:38
  • Last modified 08.05.2025 19:42:54

The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Exploit
  • EPSS 0.22%
  • Published 15.07.2024 06:15:02
  • Last modified 21.11.2024 09:48:53

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

Exploit
  • EPSS 0.17%
  • Published 15.07.2024 06:15:02
  • Last modified 21.11.2024 09:48:54

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Exploit
  • EPSS 0.27%
  • Published 15.07.2024 06:15:02
  • Last modified 21.11.2024 09:48:54

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Exploit
  • EPSS 0.42%
  • Published 15.07.2024 06:15:02
  • Last modified 21.11.2024 09:48:54

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Exploit
  • EPSS 0.41%
  • Published 15.07.2024 06:15:02
  • Last modified 21.11.2024 09:48:54

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin