Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
collne welcart vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-40532
Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server.
Collne Welcart
NA
CVE-2023-5951
The Welcart e-Commerce WordPress plugin prior to 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Collne Welcart
NA
CVE-2023-5952
The Welcart e-Commerce WordPress plugin prior to 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog
Collne Welcart
6.5
CVSSv2
CVE-2015-7791
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin prior to 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
Collne Welcart
4.3
CVSSv2
CVE-2015-2973
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin prior to 1.4.18 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) ...
Collne Welcart
4.3
CVSSv2
CVE-2021-20734
Cross-site scripting vulnerability in Welcart e-Commerce versions before 2.2.4 allows remote malicious users to inject arbitrary script or HTML via unspecified vectors.
Collne Welcart 1.5.2
NA
CVE-2023-41233
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
NA
CVE-2023-41962
Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script in the page.
Collne Welcart E-commerce
NA
CVE-2022-4140
The Welcart e-Commerce WordPress plugin prior to 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated malicious user to read arbitrary files on the server
Collne Welcart E-commerce
NA
CVE-2023-43484
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »