Vulnerabilities > Collne > Welcart E Commerce

DATE CVE VULNERABILITY TITLE RISK
2023-12-28 CVE-2023-50847 Unspecified vulnerability in Collne Welcart E-Commerce
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc.
network
low complexity
collne
7.2
7.2
2023-12-09 CVE-2023-6120 Path Traversal vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function.
network
low complexity
collne CWE-22
2.7
2.7
2023-12-04 CVE-2023-5953 Unrestricted Upload of File with Dangerous Type vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload.
network
low complexity
collne CWE-434
8.8
8.8
2023-09-27 CVE-2023-40219 Unrestricted Upload of File with Dangerous Type vulnerability in Collne Welcart E-Commerce
Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
network
low complexity
collne CWE-434
7.2
7.2
2023-09-27 CVE-2023-41233 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
network
low complexity
collne CWE-79
6.1
6.1
2023-09-27 CVE-2023-41962 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page.
network
low complexity
collne CWE-79
6.1
6.1
2023-09-27 CVE-2023-43484 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
network
low complexity
collne CWE-79
6.1
6.1
2023-09-27 CVE-2023-43493 SQL Injection vulnerability in Collne Welcart E-Commerce
SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information.
network
low complexity
collne CWE-89
4.9
4.9
2023-09-27 CVE-2023-43610 SQL Injection vulnerability in Collne Welcart E-Commerce
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.
network
low complexity
collne CWE-89
8.8
8.8
2023-09-27 CVE-2023-43614 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
network
low complexity
collne CWE-79
6.1
6.1