Vulnerabilities > Collne

DATE CVE VULNERABILITY TITLE RISK
2023-12-28 CVE-2023-50847 SQL Injection vulnerability in Collne Welcart E-Commerce
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc.
network
low complexity
collne CWE-89
7.2
2023-12-09 CVE-2023-6120 Path Traversal vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function.
network
low complexity
collne CWE-22
2.7
2023-12-04 CVE-2023-5951 Cross-site Scripting vulnerability in Collne Welcart
The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
collne CWE-79
6.1
2023-12-04 CVE-2023-5952 Unspecified vulnerability in Collne Welcart
The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog
network
low complexity
collne
critical
9.8
2023-12-04 CVE-2023-5953 Unrestricted Upload of File with Dangerous Type vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload.
network
low complexity
collne CWE-434
8.8
2023-09-27 CVE-2023-40219 Unrestricted Upload of File with Dangerous Type vulnerability in Collne Welcart E-Commerce
Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
network
low complexity
collne CWE-434
7.2
2023-09-27 CVE-2023-40532 Path Traversal vulnerability in Collne Welcart
Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server.
network
low complexity
collne CWE-22
4.3
2023-09-27 CVE-2023-41233 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
network
low complexity
collne CWE-79
6.1
2023-09-27 CVE-2023-41962 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page.
network
low complexity
collne CWE-79
6.1
2023-09-27 CVE-2023-43484 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
network
low complexity
collne CWE-79
6.1