What this page helps you verify fast
This hub clusters tracked records for FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.
Review known vulnerability records for the WordPress plugin FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler (`fluent-cart`), including severity, CVE references, affected versions, and patch status.
Recent tracked CVEs on this page include CVE-2025-67971 and CVE-2025-13495, so operators can jump from disclosure to patch validation without scanning the full feed first.
Pair this plugin vulnerability hub with practical WordPress hardening, scanner, and patch workflow guidance.
Review patch cadence, privileged access, XML-RPC exposure, backups, and monitoring controls.
Use ownership, update testing, least privilege, and removal criteria to reduce plugin risk.
Compare scanner coverage for plugin CVEs, version detection, alert noise, and remediation workflow.
Use the hub as a decision layer before opening individual records: confirm whether the issue has a CVE, whether a fixed version exists, and whether the affected range overlaps production installs.
Affected range: Versions before 1.3.0. Fixed version: 1.3.0.
Affected range: Versions up to 1.3.1. Fixed version: 1.3.2.
Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.
| Tracked CVE | Issue Type | Affected Versions | Fixed Version | CVSS |
|---|---|---|---|---|
|
CVE-2025-67971
FluentCart < 1.3.0 - Unauthenticated Stored Cross-Site Scripting
|
Stored Cross-Site Scripting | Versions before 1.3.0 | 1.3.0 | CVSS 7.2 |
|
CVE-2025-13495
FluentCart A New Era of eCommerce <= 1.3.1 - Authenticated (Administrator+) SQL Inje...
|
SQL Injection | Versions up to 1.3.1 | 1.3.2 | CVSS 4.9 |
FluentCart < 1.3.0 - Unauthenticated Stored Cross-Site Scripting
FluentCart A New Era of eCommerce <= 1.3.1 - Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter
This hub clusters tracked records for FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.
These recent records surface the CVE strings, patch cues, and direct report links most operators need first.
The FluentCart plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user...
Sorted by latest disclosure date so newly published issues surface first.
The FluentCart plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whe...
The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...