Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
collne welcart vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-40532
Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server.
Collne Welcart
6.1
CVSSv3
CVE-2023-5951
The Welcart e-Commerce WordPress plugin prior to 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Collne Welcart
9.8
CVSSv3
CVE-2023-5952
The Welcart e-Commerce WordPress plugin prior to 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog
Collne Welcart
6.3
CVSSv3
CVE-2015-7791
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin prior to 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
Collne Welcart
NA
CVE-2015-2973
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin prior to 1.4.18 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) ...
Collne Welcart
6.1
CVSSv3
CVE-2021-20734
Cross-site scripting vulnerability in Welcart e-Commerce versions before 2.2.4 allows remote malicious users to inject arbitrary script or HTML via unspecified vectors.
Collne Welcart 1.5.2
6.1
CVSSv3
CVE-2023-41233
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2023-41962
Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script in the page.
Collne Welcart E-commerce
7.5
CVSSv3
CVE-2022-4140
The Welcart e-Commerce WordPress plugin prior to 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated malicious user to read arbitrary files on the server
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2023-43484
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »