Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
collne welcart e-commerce vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2016-4826
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin prior to 1.8.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2016-4827
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin prior to 1.8.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
Collne Welcart E-commerce
6.5
CVSSv3
CVE-2016-4828
The Collne Welcart e-Commerce plugin prior to 1.8.3 for WordPress mishandles sessions, which allows remote malicious users to obtain access by leveraging knowledge of the e-mail address associated with an account.
Collne Welcart E-commerce
8.8
CVSSv3
CVE-2023-43610
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
4.3
CVSSv3
CVE-2023-40532
Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server.
Collne Welcart
9.8
CVSSv3
CVE-2023-5952
The Welcart e-Commerce WordPress plugin prior to 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog
Collne Welcart
6.1
CVSSv3
CVE-2023-5951
The Welcart e-Commerce WordPress plugin prior to 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Collne Welcart
6.1
CVSSv3
CVE-2021-20734
Cross-site scripting vulnerability in Welcart e-Commerce versions before 2.2.4 allows remote malicious users to inject arbitrary script or HTML via unspecified vectors.
Collne Welcart 1.5.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3