← Back

Wp Estore

wp_estore

Vendor: Tipsandtricks Hq • 8 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-6136
1Tipsandtricks Hq
1Wp Estore
May 8, 2025
Aug 12, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-6134
1Tipsandtricks Hq
1Wp Estore
May 8, 2025
Aug 12, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-6133
1Tipsandtricks Hq
1Wp Estore
May 8, 2025
Aug 12, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-6076
1Tipsandtricks Hq
1Wp Estore
Nov 21, 2024
Jul 15, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-6075
1Tipsandtricks Hq
1Wp Estore
Nov 21, 2024
Jul 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-6074
1Tipsandtricks Hq
1Wp Estore
Nov 21, 2024
Jul 15, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-6073
1Tipsandtricks Hq
1Wp Estore
Nov 21, 2024
Jul 15, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-6072
1Tipsandtricks Hq
1Wp Estore
Nov 21, 2024
Jul 15, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old we...Show more
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsersShow less