Sensitive Information Exposure in WP Simple Shopping Cart Plugin
CVE-2023-1431

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WordPress Simple Shopping Cart
Vendor: CVE Published:; 16 March 2023

Summary

The WP Simple Shopping Cart plugin for WordPress has a vulnerability that allows unauthenticated attackers to access sensitive shopping cart data stored in a publicly accessible directory. This exposure affects versions up to 4.6.3 and could lead to unauthorized disclosure of personal information such as names, email addresses, and IP addresses, which are meant to be kept confidential within the administrative interface.

Affected Version(s)

WordPress Simple Shopping Cart 4.6.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Mar 16, 2023

Credit

Ayoub Safa