WordPress Plugin Vulnerabilities

WP Simple Shopping Cart 4.6.3 - Unauthenticated PII Disclosure

Description

The plugin saves exported shopping cart data in a publicly accessible directory, allowing unauthenticated users to retrieve PII such as full names, email/IP address etc

Affects Plugins

Plugin icon
wordpress-simple-paypal-shopping-cart
Fixed in 4.6.4

References

CVE
CVE-2023-1431

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Ayoub Safa
Verified
No
WPVDB ID
2208921f-c5f5-463a-a819-8f1cc15b1cab

Timeline

Publicly Published
2023-03-16 (about 3 years ago)
Added
2023-03-16 (about 3 years ago)
Last Updated
2023-03-16 (about 3 years ago)

Other

Published
Title
Published
2025-11-04
Title
The Events Calendar < 6.15.10 - Unauthenticated Sensitive Information Exposure
Published
2024-02-26
Title
WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit <= 1.0.9 - Unauthenticated Sensitive Information Exposure
Published
2024-06-24
Title
WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
Published
2024-08-14
Title
Newsletters < 4.9.9.1 - Unauthenticated Full Path Disclosure
Published
2024-08-08
Title
affiliate-toolkit < 3.6 - Unauthenticated Full Path Dislcosure