| CVE-2024-9654 | Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Low | 3.7 | 2024-12-17 11:10:19 | Deep Dive |
| CVE-2024-10518 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2024-12-12 06:00:18 | Deep Dive |
| CVE-2024-10517 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2024-12-12 06:00:17 | Deep Dive |
| CVE-2024-12128 | Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Reflected Cross-Site Scripting via monthly_sales_current_year Parameter | nshowketgmailcom | Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal | Medium | 6.1 | 2024-12-07 09:27:06 | Deep Dive |
| CVE-2024-12253 | Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update / Data Access | nshowketgmailcom | Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal | Medium | 5.4 | 2024-12-07 09:26:01 | Deep Dive |
| CVE-2024-11201 | myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 6.4 | 2024-12-06 05:26:14 | Deep Dive |
| CVE-2024-11103 | Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Critical | 9.8 | 2024-11-28 09:47:09 | Deep Dive |
| CVE-2024-11083 | ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.3 | 2024-11-27 05:31:54 | Deep Dive |
| CVE-2024-8442 | Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2024-11-07 12:30:53 | Deep Dive |
| CVE-2024-10687 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Critical | 9.8 | 2024-11-05 09:30:59 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-48914 | Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy | vendure-ecommerce | vendure | Critical | 9.1 | 2024-10-15 16:08:29 | Deep Dive |
| CVE-2022-2439 | Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | High | 7.2 | 2024-09-24 03:06:39 | Deep Dive |
| CVE-2024-7827 | Shopping Cart & eCommerce Store <= 5.7.2 - Authenticated (Contributor+) SQL Injection via model_number Parameter | levelfourstorefront | Shopping Cart & eCommerce Store | High | 8.8 | 2024-08-20 02:03:18 | Deep Dive |
| CVE-2024-6692 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Low | 3.3 | 2024-08-10 02:01:23 | Deep Dive |
| CVE-2024-6691 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 4.4 | 2024-08-10 02:01:20 | Deep Dive |
| CVE-2024-6872 | Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update | templatespare | TemplateSpare – 1000+ WordPress Starter Templates & Full Site Migration Tool | 1-Click Import/Export & No-Code Builder | Medium | 4.3 | 2024-08-03 11:37:39 | Deep Dive |
| CVE-2024-7067 | kirilkirkov Ecommerce-Laravel-Bootstrap Cart.php getCartProductsIds deserialization | kirilkirkov | Ecommerce-Laravel-Bootstrap | Medium | 6.3 | 2024-07-24 14:00:07 | Deep Dive |
| CVE-2024-6526 | CodeIgniter Ecommerce-CodeIgniter-Bootstrap cross site scripting | CodeIgniter | Ecommerce-CodeIgniter-Bootstrap | Low | 3.5 | 2024-07-05 13:31:04 | Deep Dive |
| CVE-2024-5451 | The7 — Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute | Dream-Theme | The7 — Website and eCommerce Builder for WordPress | Medium | 6.4 | 2024-06-25 13:53:22 | Deep Dive |