welcart welcart plugin vulnerabilities and exploits
383
VMScore
CVE-2012-5177
Cross-site scripting (XSS) vulnerability in the Welcart plugin prior to 1.2.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Welcart Welcart Plugin 0.5
Welcart Welcart Plugin 0.9.1
Welcart Welcart Plugin 1.2.2
Welcart Welcart Plugin 1.2.1
605
VMScore
CVE-2012-5178
Cross-site request forgery (CSRF) vulnerability in the Welcart plugin prior to 1.2.2 for WordPress allows remote malicious users to hijack the authentication of arbitrary users for requests that complete a purchase.
Welcart Welcart Plugin
Welcart Welcart Plugin 0.9.1
Welcart Welcart Plugin 0.5
NA
CVE-2023-5952
The Welcart e-Commerce WordPress plugin prior to 2.9.5 unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
Collne Welcart
578
VMScore
CVE-2015-7791
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin prior to 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
Collne Welcart
NA
CVE-2023-5951
The Welcart e-Commerce WordPress plugin prior to 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Collne Welcart
383
VMScore
CVE-2015-2973
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin prior to 1.4.18 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) ...
Collne Welcart
NA
CVE-2021-4375
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated malicious users to download in...
Collne Welcart E-commerce
NA
CVE-2022-41840
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
Collne Welcart E-commerce
NA
CVE-2023-22705
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.
Collne Welcart E-commerce
578
VMScore
CVE-2020-28339
The usc-e-shop (aka Collne Welcart e-Commerce) plugin prior to 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.
Collne Welcart E-commerce