Vulnerabilities > Collne > Welcart
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-04 | CVE-2023-5951 | Cross-site Scripting vulnerability in Collne Welcart The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
| 2023-12-04 | CVE-2023-5952 | Unspecified vulnerability in Collne Welcart The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog | 9.8 |
| 2023-09-27 | CVE-2023-40532 | Path Traversal vulnerability in Collne Welcart Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. | 4.3 |
| 2021-06-22 | CVE-2021-20734 | Cross-site Scripting vulnerability in Collne Welcart 1.5.2 Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | 6.1 |
| 2015-12-29 | CVE-2015-7791 | SQL Injection vulnerability in Collne Welcart Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter. | 6.3 |