Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-16	CVE-2022-4655	Unspecified vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. network low complexity collne	5.4
2023-01-02	CVE-2022-4236	Files or Directories Accessible to External Parties vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server. network low complexity collne CWE-552	6.5
2022-12-12	CVE-2022-3935	Unspecified vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks network low complexity collne	5.4
2022-12-12	CVE-2022-3946	Missing Authorization vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. network low complexity collne CWE-862	6.5
2021-06-22	CVE-2021-20734	Cross-site Scripting vulnerability in Collne Welcart 1.5.2 Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors. network collne CWE-79	4.3
2020-11-07	CVE-2020-28339	Unspecified vulnerability in Collne Welcart E-Commerce The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. network low complexity collne	6.5
2016-06-25	CVE-2016-4828	Data Processing Errors vulnerability in Collne Welcart E-Commerce The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. network low complexity collne CWE-19	6.4
2016-06-25	CVE-2016-4827	Cross-site Scripting vulnerability in Collne Welcart E-Commerce Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. network collne CWE-79	4.3
2016-06-25	CVE-2016-4826	Cross-site Scripting vulnerability in Collne Welcart E-Commerce Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. network collne CWE-79	4.3
2016-06-25	CVE-2016-4825	Improper Input Validation vulnerability in Collne Welcart E-Commerce The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. network collne CWE-20	6.8