Unknown Wp-Cart-For-Digital-Products vulnerabilities
8 known vulnerabilities affecting unknown/wp-cart-for-digital-products.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 7
Vulnerabilities
CVE-2024-6133 | MEDIUM | CVSS 6.5 | CWE-79 | fixed in 8.5.6 | 2024-08-12
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Sources: cvelistv5, nvd
CVE-2024-6134 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 8.5.6 | 2024-08-12
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Sources: cvelistv5, nvd
CVE-2024-6136 | MEDIUM | CVSS 5.4 | CWE-352 | fixed in 8.5.6 | 2024-08-12
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
Sources: cvelistv5, nvd
CVE-2024-6075 | HIGH | CVSS 8.8 | CWE-352 | fixed in 8.5.5 | 2024-07-15
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
Sources: cvelistv5, nvd
CVE-2024-6076 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 8.5.5 | 2024-07-15
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Sources: cvelistv5, nvd
CVE-2024-6073 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 8.5.5 | 2024-07-15
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Sources: cvelistv5, nvd
CVE-2024-6072 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 8.5.5 | 2024-07-15
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
Sources: cvelistv5, nvd
CVE-2024-6074 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 8.5.5 | 2024-07-15
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Sources: cvelistv5, nvd