VYPR

Gnucommerce

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-30985CriApr 15, 2025
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in kagla GNUCommerce gnucommerce allows Object Injection.This issue affects GNUCommerce: from n/a through <= 1.5.4.

  • CVE-2025-26564HigMar 26, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUCommerce gnucommerce allows Reflected XSS.This issue affects GNUCommerce: from n/a through <= 1.5.4.

  • CVE-2017-18572MedAug 22, 2019
    risk 0.40cvss 6.1epss 0.01

    The gnucommerce plugin before 1.4.2 for WordPress has XSS.

  • CVE-2016-10920MedAug 22, 2019
    risk 0.40cvss 6.1epss 0.01

    The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.