GCVE - cpe:2.3:a:tipsandtricks-hq:wp_estore:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:tipsandtricks-hq:wp_estore:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Tipsandtricks Hq (`526308cc-12ad-5324-8e9d-ae125b4b0839`)
Product	Wp Estore (`47a77efd-b85f-5144-943f-1effd3519ecb`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-6136`	vulnerable	2026-06-03 14:58:01.971566	WP eStore < 8.5.6 - Settings Reset via CSRF The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Published: 2024-08-09T06:00:02.952Z Updated: 2024-08-09T12:50:19.497Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/7d85cfe4-4878-4530-ba78-7cfe33f3a8d5/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6134`	vulnerable	2026-06-03 14:58:01.967804	WP eStore < 8.5.6 - Reflected XSS in Product Editing The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: 2024-08-10T06:00:04.206Z Updated: 2024-08-16T16:16:40.761Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/34d61f7e-90eb-4a64-a8a7-18f2d6518118/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6133`	vulnerable	2026-06-03 14:58:01.967442	WP eStore < 8.5.6 - Reflected XSS in Customer Search The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: 2024-08-09T06:00:02.311Z Updated: 2024-08-09T13:21:19.056Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/fd613e1e-557c-4383-a3e9-4c14bc0be0c5/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6076`	vulnerable	2026-06-03 14:58:01.779591	WP eStore < 8.5.5 - Reflected XSS in Category Editing The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: 2024-07-15T06:00:05.868Z Updated: 2024-08-01T21:25:03.197Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/8369a2d8-1780-40c3-90ff-a826b9e9afd4/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6075`	vulnerable	2026-06-03 14:58:01.777576	WP eStore < 8.5.5 - Coupon Deletion via CSRF The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Published: 2024-07-15T06:00:05.607Z Updated: 2024-08-01T21:25:03.263Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/b0e2658a-b075-48b6-a9d9-e141194117fc/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6074`	vulnerable	2026-06-03 14:58:01.777070	WP eStore < 8.5.5 - Reflected XSS in Customer Editing The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: 2024-07-15T06:00:05.374Z Updated: 2024-08-01T21:25:03.266Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/e518af46-cb8e-43ff-a7c1-5300b36d9113/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6073`	vulnerable	2026-06-03 14:58:01.775666	WP eStore < 8.5.5 - Reflected XSS in Discount Editing The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: 2024-07-15T06:00:04.974Z Updated: 2024-08-01T21:25:03.205Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/f04994bc-9eef-46de-995b-8598f7a749c4/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6072`	vulnerable	2026-06-03 14:58:01.775020	WP eStore < 8.5.5 - Reflected XSS via $_SERVER['REQUEST_URI'] The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers Published: 2024-07-15T06:00:04.074Z Updated: 2024-08-01T21:25:03.322Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/1d8a344b-37e9-41e8-9de0-c67b7ca8e21b/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.