CVE Catalog

CVE-2026-57313

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

Cross Site Scripting (XSS) vulnerability in SureCart plugin versions up to 4.2.2, allowing a subscriber-level user to inject malicious script.

Risk Assessment

An attacker can steal session data, redirect users to malicious sites, or perform other unauthorized actions in the victim's browser context.

Recommendation

It is recommended to immediately update the SureCart plugin to version 4.2.3 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS