Vulnerabilities > Collne > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-16 CVE-2022-4655 Unspecified vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack.
network
low complexity
collne
5.4
5.4
2023-01-02 CVE-2022-4236 Files or Directories Accessible to External Parties vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.
network
low complexity
collne CWE-552
6.5
6.5
2022-12-12 CVE-2022-3935 Unspecified vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
network
low complexity
collne
5.4
5.4
2022-12-12 CVE-2022-3946 Missing Authorization vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
network
low complexity
collne CWE-862
6.5
6.5
2021-06-22 CVE-2021-20734 Cross-site Scripting vulnerability in Collne Welcart 1.5.2
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
network
low complexity
collne CWE-79
6.1
6.1
2016-06-25 CVE-2016-4828 Data Processing Errors vulnerability in Collne Welcart E-Commerce
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.
network
low complexity
collne CWE-19
6.5
6.5
2016-06-25 CVE-2016-4827 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
network
low complexity
collne CWE-79
6.1
6.1
2016-06-25 CVE-2016-4826 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
network
low complexity
collne CWE-79
6.1
6.1
2016-06-25 CVE-2016-4825 Improper Input Validation vulnerability in Collne Welcart E-Commerce
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
network
high complexity
collne CWE-20
5.6
5.6
2015-12-29 CVE-2015-7791 SQL Injection vulnerability in Collne Welcart
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
network
low complexity
collne CWE-89
6.3
6.3