Plugin Vulnerability Hub
Plugin | 22 known issues | Latest disclosed Feb 27, 2026

Shopping Cart & eCommerce Store Vulnerabilities

Review known vulnerability records for the WordPress plugin Shopping Cart & eCommerce Store (`wp-easycart`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-32422, CVE-2025-62997 and CVE-2024-12712, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 22
High or Critical: 7
Patch Coverage: 100%
Last Updated: Apr 15, 2026

Priority CVE Quick Links

Fast paths into Shopping Cart & eCommerce Store CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 20

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Shopping Cart & eCommerce Store so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 22 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 7 high severity findings.
Recent CVEs: CVE-2026-32422, CVE-2025-62997 and CVE-2024-12712
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for Shopping Cart & eCommerce Store

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Severity: Medium | Patched: Yes | CVE-2026-32422
CVE-2026-32422: EasyCart <= 5.8.13 - Authenticated (Contributor+) SQL Injection

The EasyCart plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.8.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...

Published: Feb 27, 2026
Patched Release: 5.8.14
Affected Versions: Versions up to 5.8.13
Next Step: Update to 5.8.14 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-62997
CVE-2025-62997: EasyCart <= 5.8.11 - Unauthenticated Information Exposure

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.11. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

Published: Dec 08, 2025
Patched Release: 5.8.12
Affected Versions: Versions up to 5.8.11
Next Step: Update to 5.8.12 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-12712
CVE-2024-12712: Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order...

Published: Jan 07, 2025
Patched Release: 5.7.9
Affected Versions: Versions up to 5.7.8
Next Step: Update to 5.7.9 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2024-7827
CVE-2024-7827: Shopping Cart & eCommerce Store <= 5.7.2 - Authenticated (Contributor+) SQL Injection via model_number Parameter

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘model_number’ parameter in all versions up to, and including, 5.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

Published: Aug 19, 2024
Patched Release: 5.7.3
Affected Versions: Versions up to 5.7.2
Next Step: Update to 5.7.3 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-35667
CVE-2024-35667: WP EasyCart <= 5.5.19 - Missing Authorization

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.19. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published: Jun 03, 2024
Patched Release: 5.6.0
Affected Versions: Versions up to 5.5.19
Next Step: Update to 5.6.0 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-4213
CVE-2024-4213: Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information Exposure

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order...

Published: May 10, 2024
Patched Release: 5.6.5
Affected Versions: Versions up to 5.6.4
Next Step: Update to 5.6.5 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-32452
CVE-2024-32452: WP EasyCart <= 5.5.19 - Cross-Site Request Forgery

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.19. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to...

Published: Apr 12, 2024
Patched Release: 5.6.0
Affected Versions: Versions up to 5.5.19
Next Step: Update to 5.6.0 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2024-3211
CVE-2024-3211: Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient prepa...

Published: Apr 11, 2024
Patched Release: 5.6.4
Affected Versions: Versions up to 5.6.3
Next Step: Update to 5.6.4 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2023-3023
CVE-2023-3023: WP EasyCart <= 5.4.10 - Authenticated (Administrator+) SQL Injection via 'orderby'

The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

Published: Jun 08, 2023
Patched Release: 5.4.11
Affected Versions: Versions up to 5.4.10
Next Step: Update to 5.4.11 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2023-2895
CVE-2023-2895: WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_activate_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated attackers to bu...

Published: May 27, 2023
Patched Release: 5.4.9
Affected Versions: Versions up to 5.4.8
Next Step: Update to 5.4.9 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2023-2894
CVE-2023-2894: WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_deactivate_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated attackers to...

Published: May 27, 2023
Patched Release: 5.4.9
Affected Versions: Versions up to 5.4.8
Next Step: Update to 5.4.9 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2023-2893
CVE-2023-2893: WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_deactivate_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated attackers to deact...

Published: May 27, 2023
Patched Release: 5.4.9
Affected Versions: Versions up to 5.4.8
Next Step: Update to 5.4.9 or newer if supported.