cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12128,https://securityvulnerability.io/vulnerability/CVE-2024-12128,Reflected Cross-Site Scripting Vulnerability in Simple Ecommerce Shopping Cart Plugin for WordPress,"The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthly_sales_current_year’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Simple Ecommerce Shopping Cart Plugin- Sell Products Through Paypal,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-12-07T09:27:06.377Z,0
CVE-2024-12253,https://securityvulnerability.io/vulnerability/CVE-2024-12253,Unauthorized Access to Sell Products through Paypal Plugin for WordPress Due to Missing Capability Check,"The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users).",Wordpress,Simple Ecommerce Shopping Cart Plugin- Sell Products Through Paypal,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-07T09:26:01.339Z,0
CVE-2021-24620,https://securityvulnerability.io/vulnerability/CVE-2021-24620,Simple eCommerce <= 2.2.5 - Arbitrary File Upload,"The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could also make a logged admin upload a malicious PHP file, which would lead to RCE",Wordpress,WordPress Simple Ecommerce Shopping Cart Plugin- Sell Products Through Paypal,8.8,HIGH,0.0019600000232458115,false,,false,false,false,,false,false,2021-09-13T17:56:33.000Z,0