Simple shopping cart

This hub aggregates every CVE we track for Simple shopping cart, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Plugins

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM8HIGH7

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Simple shopping cart.

CVE-2026-48868WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability7.5Jun 15, 2026
CVE-2026-0552Simple Shopping Cart <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode6.4Apr 4, 2026
CVE-2025-14248code-projects Simple Shopping Cart adminlogin.php sql injection7.3Dec 8, 2025
CVE-2025-14247code-projects Simple Shopping Cart additems.php sql injection6.3Dec 8, 2025
CVE-2025-14246code-projects Simple Shopping Cart settings.php sql injection6.3Dec 8, 2025
CVE-2025-7609code-projects Simple Shopping Cart register.php sql injection7.3Jul 14, 2025
CVE-2025-7608code-projects Simple Shopping Cart userlogin.php sql injection7.3Jul 14, 2025
CVE-2025-7607code-projects Simple Shopping Cart save_order.php sql injection7.3Jul 14, 2025
CVE-2025-3890WordPress Simple PayPal Shopping Cart <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode6.4May 1, 2025
CVE-2025-3874WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference6.5May 1, 2025
CVE-2025-3889WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity'5.3May 1, 2025
CVE-2025-3529WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter8.2Apr 23, 2025
CVE-2025-3530WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation7.5Apr 23, 2025
CVE-2024-12622WordPress Simple Shopping Cart <= 5.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Dec 24, 2024
CVE-2023-6497WordPress Simple Shopping Cart <= 4.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting4.4Jan 27, 2024

Product normalization is registry-driven with AI assist and human review. How it works