| CVE-2024-1862 | WooCommerce Add to Cart Custom Redirect <= 1.2.13 - Authenticated(Contributor+) Missing Authorization to Limited Arbitrary Options Update | forwardflip | Add to Cart Custom Redirect for WooCommerce | High | 8.1 | 2024-03-13 15:26:43 | Deep Dive |
| CVE-2024-2133 | Bdtask Isshue Multi Store eCommerce Shopping Cart Solution Manage Sale Page manage_invoice cross site scripting | Bdtask | Isshue Multi Store eCommerce Shopping Cart Solution | Low | 2.4 | 2024-03-02 23:31:04 | Deep Dive |
| CVE-2023-51533 | WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF) | Ecwid Ecommerce | Ecwid Ecommerce Shopping Cart | Medium | 5.4 | 2024-02-28 18:38:06 | Deep Dive |
| CVE-2024-1294 | Sunshine Photo Cart: Free Client Galleries for Photographers <= 3.0.24 - Unauthenticated Sensitive Information Exposure via Invoice | sunshinephotocart | Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers | Medium | 5.3 | 2024-02-20 18:56:49 | Deep Dive |
| CVE-2023-6497 | WordPress Simple Shopping Cart <= 4.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting | mra13 | Simple Shopping Cart | Medium | 4.4 | 2024-01-27 03:32:46 | Deep Dive |
| CVE-2023-6292 | Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF | Unknown | Ecwid Ecommerce Shopping Cart | 中危 | - | 2024-01-16 15:57:35 | Deep Dive |
| CVE-2023-50857 | WordPress Automation By Autonami Plugin <= 2.6.1 is vulnerable to SQL Injection | FunnelKit | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit | High | 7.6 | 2023-12-28 10:57:47 | Deep Dive |
| CVE-2023-41796 | WordPress Sunshine Photo Cart Plugin < 3.0.0 is vulnerable to Insecure Direct Object References (IDOR) | WP Sunshine | Sunshine Photo Cart: Free Client Galleries for Photographers | Medium | 5.3 | 2023-12-20 13:42:22 | Deep Dive |
| CVE-2023-49153 | WordPress Add to Cart Text Changer and Customize Button, Add Custom Icon Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) | Saiful Islam | Add to Cart Text Changer and Customize Button, Add Custom Icon | Medium | 4.3 | 2023-12-18 22:10:58 | Deep Dive |
| CVE-2023-49854 | WordPress Caddy Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) | Tribe Interactive | Caddy – Smart Side Cart for WooCommerce | Medium | 5.4 | 2023-12-18 10:48:45 | Deep Dive |
| CVE-2023-49855 | WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF) | BinaryCarpenter | Menu Bar Cart Icon For WooCommerce By Binary Carpenter | Medium | 6.5 | 2023-12-18 10:18:11 | Deep Dive |
| CVE-2023-47239 | WordPress Easy PayPal Shopping Cart Plugin <= 1.1.10 is vulnerable to Cross Site Scripting (XSS) | Scott Paterson | Easy PayPal Shopping Cart | Medium | 6.5 | 2023-11-16 18:58:14 | Deep Dive |
| CVE-2023-46629 | WordPress Remove Add to Cart WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) | themelocation | Remove Add to Cart WooCommerce | Medium | 4.3 | 2023-11-13 00:24:02 | Deep Dive |
| CVE-2023-44986 | WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.15.2 is vulnerable to Cross Site Scripting (XSS) | Tyche Softwares | Abandoned Cart Lite for WooCommerce | Medium | 5.9 | 2023-10-16 10:50:01 | Deep Dive |
| CVE-2023-28415 | WordPress Side Cart Woocommerce (Ajax) Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) | XootiX | Side Cart Woocommerce (Ajax) | Medium | 5.9 | 2023-08-30 15:31:01 | Deep Dive |
| CVE-2023-4548 | SPA-Cart eCommerce CMS GET Parameter search sql injection | SPA-Cart | eCommerce CMS | Medium | 6.3 | 2023-08-26 09:31:05 | Deep Dive |
| CVE-2023-4547 | SPA-Cart eCommerce CMS search cross site scripting | SPA-Cart | eCommerce CMS | Low | 3.5 | 2023-08-26 09:00:07 | Deep Dive |
| CVE-2022-4888 | Multiple Plugins from Addify - Multiple CSRF | Unknown | Checkout Fields Manager | 中危 | - | 2023-07-31 09:37:33 | Deep Dive |
| CVE-2023-3023 | WP EasyCart <= 5.4.10 - Authenticated (Administrator+) SQL Injection via 'orderby' | levelfourstorefront | Shopping Cart & eCommerce Store | High | 7.2 | 2023-07-12 04:38:49 | Deep Dive |
| CVE-2021-4415 | Sunshine Photo Cart <= 2.8.28 - Cross-Site Request Forgery Bypass | sunshinephotocart | Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers | Medium | 4.3 | 2023-07-12 03:40:45 | Deep Dive |