VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 8 known issues Latest disclosed Jul 19, 2024

WP eStore Vulnerabilities

Review known vulnerability records for the WordPress plugin WP eStore (`wp-cart-for-digital-products`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-6136, CVE-2024-6133 and CVE-2024-6134, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
8
High or Critical
0
Patch Coverage
100%
Last Updated
Aug 12, 2024
Priority CVE Quick Links

Fast paths into WP eStore CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
8
CVE-2024-6133 Medium 8.5.6
CVE-2024-6133 WP eStore Cross-Site Scripting

WP eStore <= 8.5.5 - Reflected Cross-Site Scripting via Customer Search

CVE-2024-6134 Medium 8.5.6
CVE-2024-6134 WP eStore Cross-Site Scripting

WP eStore <= 8.5.5 - Reflected Cross-Site Scripting via Product Editing

CVE-2024-6073 Medium 8.5.5
CVE-2024-6073 WP eStore Cross-Site Scripting

WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Discount Editing

CVE-2024-6076 Medium 8.5.5
CVE-2024-6076 WP eStore Cross-Site Scripting

WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Category Editing

CVE-2024-6074 Medium 8.5.5
CVE-2024-6074 WP eStore Cross-Site Scripting

WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Customer Editing

CVE-2024-6072 Medium 8.5.5
CVE-2024-6072 WP eStore Cross-Site Scripting

WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via REQUEST_URI

CVE-2024-6136 Medium 8.5.6
CVE-2024-6136 WP eStore Cross-Site Request Forgery

WP eStore <= 8.5.5 - Cross-Site Request Forgery to Settings Reset

CVE-2024-6075 Medium 8.5.5
CVE-2024-6075 WP eStore Cross-Site Request Forgery

WP eStore <= 8.5.4 - Cross-Site Request Forgery to Coupon Deletion

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WP eStore so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
8 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2024-6136, CVE-2024-6133 and CVE-2024-6134
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for WP eStore

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-6136
CVE-2024-6136: WP eStore <= 8.5.5 - Cross-Site Request Forgery to Settings Reset

The WP eStore plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.5.5. This is due to missing or incorrect nonce validation on the 'wp_eStore_admin' page. This makes it possible for unauthenticated attackers to reset the plugin...

Published
Jul 19, 2024
Patched Release
8.5.6
Affected Versions
Versions up to 8.5.5
Next Step
Update to 8.5.6 or newer if supported.
Open CVE-2024-6136 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6133
CVE-2024-6133: WP eStore <= 8.5.5 - Reflected Cross-Site Scripting via Customer Search

The WP eStore plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'eStore_customer_search' parameter in all versions up to, and including, 8.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

Published
Jul 19, 2024
Patched Release
8.5.6
Affected Versions
Versions up to 8.5.5
Next Step
Update to 8.5.6 or newer if supported.
Open CVE-2024-6133 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6134
CVE-2024-6134: WP eStore <= 8.5.5 - Reflected Cross-Site Scripting via Product Editing

The WP eStore plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'editproduct' parameter in all versions up to, and including, 8.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

Published
Jul 19, 2024
Patched Release
8.5.6
Affected Versions
Versions up to 8.5.5
Next Step
Update to 8.5.6 or newer if supported.
Open CVE-2024-6134 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6075
CVE-2024-6075: WP eStore <= 8.5.4 - Cross-Site Request Forgery to Coupon Deletion

The WP eStore plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.5.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete coupons via a forged requ...

Published
Jun 24, 2024
Patched Release
8.5.5
Affected Versions
Versions up to 8.5.4
Next Step
Update to 8.5.5 or newer if supported.
Open CVE-2024-6075 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6073
CVE-2024-6073: WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Discount Editing

The WP eStore plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via Discount Editing in all versions up to, and including, 8.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

Published
Jun 24, 2024
Patched Release
8.5.5
Affected Versions
Versions up to 8.5.4
Next Step
Update to 8.5.5 or newer if supported.
Open CVE-2024-6073 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6076
CVE-2024-6076: WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Category Editing

The WP eStore plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via Category Editing in all versions up to, and including, 8.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

Published
Jun 24, 2024
Patched Release
8.5.5
Affected Versions
Versions up to 8.5.4
Next Step
Update to 8.5.5 or newer if supported.
Open CVE-2024-6076 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6074
CVE-2024-6074: WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via Customer Editing

The WP eStore plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via Customer Editing in all versions up to, and including, 8.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

Published
Jun 24, 2024
Patched Release
8.5.5
Affected Versions
Versions up to 8.5.4
Next Step
Update to 8.5.5 or newer if supported.
Open CVE-2024-6074 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6072
CVE-2024-6072: WP eStore <= 8.5.4 - Reflected Cross-Site Scripting via REQUEST_URI

The WP eStore plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via REQUEST_URI in all versions up to, and including, 8.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

Published
Jun 24, 2024
Patched Release
8.5.5
Affected Versions
Versions up to 8.5.4
Next Step
Update to 8.5.5 or newer if supported.
Open CVE-2024-6072 Report Open CVE Reference