CVE-2024-14015

HIGH NUCLEI

WordPress eCommerce Plugin <2.9.0 - XSS

Title source: llm

Description

The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Nuclei Templates (1)

Studiocart <= 2.9.0 - Cross-Site Scripting
MEDIUMVERIFIEDby Shivam Kamboj

References (1)

Scores

CVSS v3 7.1
EPSS 0.0032
EPSS Percentile 55.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Details

Status published
Products (2)
None/WordPress eCommerce Plugin < 2.9.0
Unknown/WordPress eCommerce Plugin < 2.9.0
Published Nov 24, 2025
Tracked Since Feb 18, 2026