Simple Shopping Cart

Vulnerabilities 11Slug wordpress-simple-paypal-shopping-cartLatest version 5.2.9WordPress.org →

Minimum safe version

5.2.5

Update to 5.2.5 or later to address 11 fixable vulnerabilities

Latest available5.2.9
N/A
2026-04-03< 5.2.5

Simple Shopping Cart <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode

WordfenceCVE
Medium 5.4
2025-04-30< 5.1.4

WordPress Simple PayPal Shopping Cart <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

WordfenceCVE
Medium 5.3
2025-04-30< 5.1.4

WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity'

WordfenceCVE
Medium 6.5
2025-04-30< 5.1.4

WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference

WordfenceCVE
High 8.2
2025-04-22< 5.1.3

WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Information Exposure via file_url Parameter

WordfenceCVE
High 7.5
2025-04-22< 5.1.3

WordPress Simple PayPal Shopping Cart <= 5.1.2 - Unauthenticated Product Price Manipulation

WordfenceCVE
Medium 4.8
2024-01-29< 4.7.2

WordPress Simple Shopping Cart Plugin <= 4.7.1 is vulnerable to Cross Site Scripting (XSS)

PatchstackCVEWordfenceWPScan