Tipsandtricks-hq Wp_estore
8 CVEs affecting Tipsandtricks-hq Wp_estore. Latest disclosed: 2024-08-12. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-6075 | High | 8.8 | 2024-07-15 | The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users pe… |
CVE-2024-6133 | Medium | 6.5 | 2024-08-12 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Ref… |
CVE-2024-6076 | Medium | 6.1 | 2024-07-15 | The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Ref… |
CVE-2024-6074 | Medium | 6.1 | 2024-07-15 | The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Ref… |
CVE-2024-6073 | Medium | 6.1 | 2024-07-15 | The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Ref… |
CVE-2024-6072 | Medium | 6.1 | 2024-07-15 | The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute… |
CVE-2024-6136 | Medium | 5.4 | 2024-08-12 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users pe… |
CVE-2024-6134 | Medium | 5.4 | 2024-08-12 | The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Ref… |