CVE Catalog
CVE-2026-57313
MediumCVSS 6.5Summary
Cross Site Scripting (XSS) vulnerability in SureCart plugin versions up to 4.2.2, allowing a subscriber-level user to inject malicious script.
Risk Assessment
An attacker can steal session data, redirect users to malicious sites, or perform other unauthorized actions in the victim's browser context.
Recommendation
It is recommended to immediately update the SureCart plugin to version 4.2.3 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.

