CVE-2023-6497 in Simple Shopping Cart Plugininfo

Summary

by MITRE • 01/27/2024

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/11/2026

The vulnerability identified as CVE-2023-6497 affects the WordPress Simple Shopping Cart plugin, specifically targeting versions up to and including 4.7.1. This represents a critical security flaw that exploits stored cross-site scripting vulnerabilities within the plugin's automatic redirect URL setting functionality. The issue manifests when administrators configure redirect settings for the shopping cart functionality, creating a persistent vector for malicious code injection that can affect all users who access compromised pages.

The technical root cause of this vulnerability stems from inadequate input sanitization and insufficient output escaping mechanisms within the plugin's codebase. When administrators enter redirect URLs through the plugin's administrative interface, the system fails to properly validate or sanitize the input data before storing it in the database. This lack of proper sanitization creates a persistent XSS vulnerability where malicious scripts can be stored and executed whenever affected pages are accessed. The vulnerability specifically leverages the automatic redirect URL configuration field, which is designed to handle URL redirection after certain shopping cart actions such as checkout completion or cart updates.

The operational impact of this vulnerability is significant for WordPress multisite installations where the vulnerability is most prevalent. Attackers with administrator-level permissions or higher can exploit this flaw to inject malicious scripts that will execute in the context of any user who visits pages containing the injected content. This creates a persistent threat vector where compromised sites can serve malicious payloads to all visitors, potentially leading to session hijacking, data theft, or further exploitation of the compromised WordPress environment. The vulnerability's impact is particularly concerning in multisite configurations where a single compromised site can affect the entire network, and in installations where unfiltered_html has been disabled, as the vulnerability specifically targets these restricted environments.

This vulnerability maps directly to CWE-79, which defines Cross-Site Scripting as a weakness that allows attackers to inject malicious scripts into web pages viewed by other users. The specific exploitation pattern aligns with ATT&CK technique T1566.001, which covers "Phishing: Spearphishing Attachment" and similar social engineering tactics that can be amplified through stored XSS vulnerabilities. The vulnerability also relates to ATT&CK technique T1059.001, which involves command and control through scripting languages, as the injected scripts can execute arbitrary commands on affected user systems. Organizations should immediately update to the patched version of the Simple Shopping Cart plugin, implement proper input validation measures, and consider additional monitoring for suspicious administrative activities in affected installations.

The vulnerability's scope is limited to WordPress multisite installations where unfiltered_html has been disabled, making these specific configurations particularly vulnerable. This targeting of restricted environments highlights the importance of proper security hardening practices and the need for comprehensive input validation across all plugin functionalities. Administrators should verify that their plugin installations have been updated to versions that address this vulnerability and implement additional security measures such as regular security audits, proper access control policies, and monitoring for unauthorized administrative changes that could indicate exploitation attempts.

Responsible

Wordfence

Reservation

12/04/2023

Disclosure

01/27/2024

Moderation

accepted

CPE

ready

EPSS

0.00304

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!