Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
welcart welcart plugin vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-5953
The Welcart e-Commerce WordPress plugin prior to 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PH...
Collne Welcart E-commerce
5.3
CVSSv3
CVE-2021-4355
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. Thi...
Collne Welcart E-commerce
6.5
CVSSv3
CVE-2022-4236
The Welcart e-Commerce WordPress plugin prior to 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the ser...
Collne Welcart E-commerce
NA
CVE-2014-10016
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote malicious users to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time pa...
Welcart E-commerce 1.3.12
8.8
CVSSv3
CVE-2022-4237
The Welcart e-Commerce WordPress plugin prior to 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation wh...
Collne Welcart E-commerce
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3