CVE-2026-48868

HIGH7.5JSON export Create alert

Description

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

mra13 / Team Tips and Tricks HQ / Simple Shopping Cartn/a – 5.2.9

References

MISChttps://patchstack.com/database/wordpress/plugin/wordpress-simple-paypal-shopping-cart/vulnerability/wordpress-simple-shopping-cart-plugin-5-2-9-insecure-direct-object-references-idor-vulnerability?_s_id=cve