Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
collne welcart e-commerce vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-4375
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated malicious users to download in...
Collne Welcart E-commerce
8.8
CVSSv3
CVE-2022-4237
The Welcart e-Commerce WordPress plugin prior to 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation wh...
Collne Welcart E-commerce
2.7
CVSSv3
CVE-2023-6120
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.
Collne Welcart E-commerce
7.5
CVSSv3
CVE-2022-4140
The Welcart e-Commerce WordPress plugin prior to 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated malicious user to read arbitrary files on the server
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2016-4827
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin prior to 1.8.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
Collne Welcart E-commerce
4.3
CVSSv3
CVE-2023-40532
Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server.
Collne Welcart
9.8
CVSSv3
CVE-2023-5952
The Welcart e-Commerce WordPress plugin prior to 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog
Collne Welcart
6.1
CVSSv3
CVE-2023-5951
The Welcart e-Commerce WordPress plugin prior to 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Collne Welcart
6.1
CVSSv3
CVE-2021-20734
Cross-site scripting vulnerability in Welcart e-Commerce versions before 2.2.4 allows remote malicious users to inject arbitrary script or HTML via unspecified vectors.
Collne Welcart 1.5.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3