Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
welcart vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
2.7
CVSSv3
CVE-2023-6120
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.
Collne Welcart E-commerce
5.4
CVSSv3
CVE-2022-4655
The Welcart e-Commerce WordPress plugin prior to 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack.
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2023-41233
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
8.8
CVSSv3
CVE-2023-5953
The Welcart e-Commerce WordPress plugin prior to 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PH...
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2016-4826
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin prior to 1.8.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2016-4827
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin prior to 1.8.3 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
Collne Welcart E-commerce
8.8
CVSSv3
CVE-2020-28339
The usc-e-shop (aka Collne Welcart e-Commerce) plugin prior to 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.
Collne Welcart E-commerce
5.3
CVSSv3
CVE-2021-4355
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. Thi...
Collne Welcart E-commerce
8.8
CVSSv3
CVE-2022-4237
The Welcart e-Commerce WordPress plugin prior to 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation wh...
Collne Welcart E-commerce
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »