Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
welcart vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-4655
The Welcart e-Commerce WordPress plugin prior to 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack.
Collne Welcart E-commerce
383
VMScore
CVE-2014-10016
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote malicious users to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time pa...
Welcart E-commerce 1.3.12
668
VMScore
CVE-2014-10017
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php.
Welcart E-commerce 1.3.12
NA
CVE-2023-40219
Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
Collne Welcart E-commerce
NA
CVE-2023-22705
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.
Collne Welcart E-commerce
NA
CVE-2023-41233
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
NA
CVE-2023-5953
The Welcart e-Commerce WordPress plugin prior to 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PH...
Collne Welcart E-commerce
NA
CVE-2021-4355
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. Thi...
Collne Welcart E-commerce
383
VMScore
CVE-2016-4826
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin prior to 1.8.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
Collne Welcart E-commerce
570
VMScore
CVE-2016-4828
The Collne Welcart e-Commerce plugin prior to 1.8.3 for WordPress mishandles sessions, which allows remote malicious users to obtain access by leveraging knowledge of the e-mail address associated with an account.
Collne Welcart E-commerce
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »