Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
welcart vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50847
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a up to and including 2.9.3.
Collne Welcart E-commerce
4.3
CVSSv2
CVE-2014-10016
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote malicious users to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time pa...
Welcart E-commerce 1.3.12
NA
CVE-2023-40219
Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
Collne Welcart E-commerce
7.5
CVSSv2
CVE-2014-10017
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php.
Welcart E-commerce 1.3.12
6.8
CVSSv2
CVE-2016-4825
The Collne Welcart e-Commerce plugin prior to 1.8.3 for WordPress allows remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
Collne Welcart E-commerce
1 Github repository
6.4
CVSSv2
CVE-2016-4828
The Collne Welcart e-Commerce plugin prior to 1.8.3 for WordPress mishandles sessions, which allows remote malicious users to obtain access by leveraging knowledge of the e-mail address associated with an account.
Collne Welcart E-commerce
NA
CVE-2022-4236
The Welcart e-Commerce WordPress plugin prior to 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the ser...
Collne Welcart E-commerce
NA
CVE-2023-43484
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
NA
CVE-2023-43493
SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information.
Collne Welcart E-commerce
NA
CVE-2023-43610
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.
Collne Welcart E-commerce
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »