Vulnerabilities > WP Ecommerce

DATE CVE VULNERABILITY TITLE RISK
2024-06-08 CVE-2024-35676 Unspecified vulnerability in Wp-Ecommerce Recurring Paypal Donations
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through 1.7.
network
low complexity
wp-ecommerce
5.4
2023-06-07 CVE-2019-25141 Missing Authorization vulnerability in Wp-Ecommerce Easy WP Smtp
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9.
network
low complexity
wp-ecommerce CWE-862
critical
9.8
2022-12-06 CVE-2022-42699 Unspecified vulnerability in Wp-Ecommerce Easy WP Smtp
Auth.
network
low complexity
wp-ecommerce
8.8
2022-12-06 CVE-2022-45829 Unspecified vulnerability in Wp-Ecommerce Easy WP Smtp
Auth.
network
low complexity
wp-ecommerce
8.1
2022-12-06 CVE-2022-45833 Unspecified vulnerability in Wp-Ecommerce Easy WP Smtp
Auth.
network
low complexity
wp-ecommerce
6.5
2022-10-31 CVE-2022-3334 Unspecified vulnerability in Wp-Ecommerce Easy WP Smtp
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
network
low complexity
wp-ecommerce
7.2
2020-12-14 CVE-2020-35234 Information Exposure Through Log Files vulnerability in Wp-Ecommerce Easy WP Smtp
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020.
network
low complexity
wp-ecommerce CWE-532
7.5
2017-04-24 CVE-2017-7723 Cross-site Scripting vulnerability in Wp-Ecommerce Easy WP Smtp
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.
network
low complexity
wp-ecommerce CWE-79
6.1