cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0678,https://securityvulnerability.io/vulnerability/CVE-2024-0678,Stored Cross-Site Scripting Vulnerability in WP e-Commerce Plugin,"The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Order Delivery Date for WP e-Commerce,6.1,MEDIUM,0.0005600000149570405,false,,false,false,false,,false,false,2024-02-05T21:21:49.043Z,0
CVE-2014-4559,https://securityvulnerability.io/vulnerability/CVE-2014-4559,,"Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter.",Wordpress,Swipehq-payment-gateway-WP-e-commerce,6.1,MEDIUM,0.001820000004954636,false,,false,false,false,,false,false,2019-12-27T13:56:25.000Z,0
CVE-2017-17780,https://securityvulnerability.io/vulnerability/CVE-2017-17780,,"The Clockwork SMS clockwork-test-message.php component has XSS via a crafted ""to"" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5.",Wordpress,"Booking Calendar Sms,Clockwork Sms Notfications,Contact Form 7 Sms,Fast Secure Contact Form Sms,Formidable,Gravity Forms,Two-factor Authentication,WP E-commerce",6.1,MEDIUM,0.0010100000072270632,false,,false,false,false,,false,false,2017-12-20T03:00:00.000Z,0
CVE-2015-5468,https://securityvulnerability.io/vulnerability/CVE-2015-5468,,Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.,Wordpress,WP E-commerce Shop Styling,7.5,HIGH,0.0206300001591444,false,,false,false,false,,false,false,2017-05-23T03:56:00.000Z,0
CVE-2012-5310,https://securityvulnerability.io/vulnerability/CVE-2012-5310,,SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,Wordpress,WP E-commerce,,,0.0013500000350177288,false,,false,false,false,,false,false,2012-10-08T17:00:00.000Z,0
CVE-2011-5104,https://securityvulnerability.io/vulnerability/CVE-2011-5104,,Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter.  NOTE: some of these details are obtained from third party information.,Wordpress,WP E-commerce,,,0.0036800000816583633,false,,false,false,false,,false,false,2012-08-23T20:00:00.000Z,0