Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e-commerce vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-5468
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin prior to 2.6 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.
Wpshopstyling Wp E-commerce Shop Styling
1 EDB exploit
7.5
CVSSv2
CVE-2007-0232
PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote malicious users to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.
Jshop E-commerce Jshop Server 1.3
1 EDB exploit
3.5
CVSSv2
CVE-2006-4360
Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.
Drupal Drupal E-commerce Module 4.7
4.3
CVSSv2
CVE-2004-1738
Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote malicious users to inject arbitrary web script or HTML via the xPage parameter.
Jshop E-commerce Jshop Server 1.2
NA
CVE-2023-46642
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin <= 1.2.2 versions.
Sahu Sahu Tiktok Pixel For E-commerce
6.8
CVSSv2
CVE-2009-4925
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) ...
Creasito Creasito E-commerce Content Manager 1.3.16
1 EDB exploit
4.3
CVSSv2
CVE-2014-4559
Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merch...
Cybercompay Swipehq-payment-gateway-wp-e-commerce
7.5
CVSSv2
CVE-2006-6041
Multiple PHP remote file inclusion vulnerabilities in Laurent Van den Reysen WORK system e-commerce 3.0.2, and other versions prior to 3.0.4, allow remote malicious users to execute arbitrary PHP code via a URL in the g_include parameter to (1) index.php, (2) module/forum/forum.p...
Laurent Van Den Reysen Work System E-commerce
1 EDB exploit
7.5
CVSSv2
CVE-2010-3210
Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote malicious users to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) c...
Martin Lee Multi-lingual E-commerce System 0.2
1 EDB exploit
NA
CVE-2023-41859
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.
Tychesoftwares Order Delivery Date For Wp E-commerce
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »