The Welcart e-Commerce WordPress plugin prior to 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
collne welcart e-commerce |