Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e-commerce vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-3935
The Welcart e-Commerce WordPress plugin prior to 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
Collne Welcart E-commerce
6.5
CVSSv3
CVE-2022-3946
The Welcart e-Commerce WordPress plugin prior to 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
Collne Welcart E-commerce
NA
CVE-2008-6811
Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and previous versions for Wordpress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the ...
Instinct E-commerce Plugin
1 EDB exploit
9.8
CVSSv3
CVE-2022-41840
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
Collne Welcart E-commerce
NA
CVE-2014-10017
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php.
Welcart E-commerce 1.3.12
8.8
CVSSv3
CVE-2020-28339
The usc-e-shop (aka Collne Welcart e-Commerce) plugin prior to 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.
Collne Welcart E-commerce
7.5
CVSSv3
CVE-2022-4140
The Welcart e-Commerce WordPress plugin prior to 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated malicious user to read arbitrary files on the server
Collne Welcart E-commerce
NA
CVE-2006-0171
PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote malicious users to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE.
Orjinweb Orjinweb E-commerce
1 EDB exploit
8.8
CVSSv3
CVE-2023-43610
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »