CVE Catalog
CVE-2026-57314
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk0.18%
8th percentile — higher than 8% of all known CVEs
Summary
SureCart plugin version 4.3.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
Risk Assessment
The risk involves arbitrary script execution in the victim's browser, potentially leading to session theft, redirects to malicious sites, or theft of sensitive data.
Recommendation
Immediately update the SureCart plugin to a version newer than 4.3.2. Also review and sanitize all user input data.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.

