| CVE-2024-2302 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 5.3 | 2024-04-09 18:58:30 | Deep Dive |
| CVE-2024-1806 | ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-03-13 15:27:17 | Deep Dive |
| CVE-2024-1409 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-03-13 15:26:49 | Deep Dive |
| CVE-2024-1535 | ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-03-13 15:26:44 | Deep Dive |
| CVE-2024-1507 | Prime Slider – Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix Widget | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2024-03-13 13:52:12 | Deep Dive |
| CVE-2024-1508 | Prime Slider – Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2024-03-13 13:52:12 | Deep Dive |
| CVE-2024-2351 | CodeAstro Ecommerce Site Search action.php SQL injection | CodeAstro | Ecommerce Site | Medium | 6.3 | 2024-03-09 22:31:09 | Deep Dive |
| CVE-2024-1506 | Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2024-03-07 06:59:45 | Deep Dive |
| CVE-2024-2133 | Bdtask Isshue Multi Store eCommerce Shopping Cart Solution Manage Sale Page manage_invoice cross site scripting | Bdtask | Isshue Multi Store eCommerce Shopping Cart Solution | Low | 2.4 | 2024-03-02 23:31:04 | Deep Dive |
| CVE-2023-51533 | WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF) | Ecwid Ecommerce | Ecwid Ecommerce Shopping Cart | Medium | 5.4 | 2024-02-28 18:38:06 | Deep Dive |
| CVE-2024-1516 | WP eCommerce <= 3.15.1 - Missing Authorization to Unauthenticated Arbitrary Post Creation | justinsainton | WP eCommerce | Medium | 5.3 | 2024-02-28 08:33:11 | Deep Dive |
| CVE-2024-1514 | WP eCommerce <= 3.15.1 - Unauthenticated SQL Injection | justinsainton | WP eCommerce | Critical | 9.8 | 2024-02-28 08:33:05 | Deep Dive |
| CVE-2024-1408 | ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-20 18:56:34 | Deep Dive |
| CVE-2024-1519 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2024-02-20 18:56:31 | Deep Dive |
| CVE-2024-1570 | ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-20 18:56:30 | Deep Dive |
| CVE-2024-1046 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-05 21:21:51 | Deep Dive |
| CVE-2024-0659 | Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 5.5 | 2024-02-05 21:21:36 | Deep Dive |
| CVE-2023-51684 | WordPress Easy Digital Downloads Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS) | Easy Digital Downloads | Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) | Medium | 6.5 | 2024-02-01 10:34:37 | Deep Dive |
| CVE-2022-45083 | WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.6 | 2024-01-19 14:37:19 | Deep Dive |
| CVE-2023-6292 | Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF | Unknown | Ecwid Ecommerce Shopping Cart | Medium | - | 2024-01-16 15:57:35 | Deep Dive |