Vulnerabilities > Collne

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-3935 Unspecified vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
network
low complexity
collne
5.4
2022-12-12 CVE-2022-3946 Missing Authorization vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
network
low complexity
collne CWE-862
6.5
2022-11-18 CVE-2022-41840 Path Traversal vulnerability in Collne Welcart E-Commerce
Unauth.
network
low complexity
collne CWE-22
critical
9.8
2021-06-22 CVE-2021-20734 Cross-site Scripting vulnerability in Collne Welcart 1.5.2
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
network
low complexity
collne CWE-79
6.1
2020-11-07 CVE-2020-28339 Deserialization of Untrusted Data vulnerability in Collne Welcart E-Commerce
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize.
network
low complexity
collne CWE-502
8.8
2016-06-25 CVE-2016-4828 Data Processing Errors vulnerability in Collne Welcart E-Commerce
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.
network
low complexity
collne CWE-19
6.5
2016-06-25 CVE-2016-4827 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
network
low complexity
collne CWE-79
6.1
2016-06-25 CVE-2016-4826 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
network
low complexity
collne CWE-79
6.1
2016-06-25 CVE-2016-4825 Improper Input Validation vulnerability in Collne Welcart E-Commerce
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
network
high complexity
collne CWE-20
5.6
2015-12-29 CVE-2015-7791 SQL Injection vulnerability in Collne Welcart
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
network
low complexity
collne CWE-89
6.3