Vulnerabilities > Collne > Welcart E Commerce > 1.8.3

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-3935 Unspecified vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
network
low complexity
collne
5.4
5.4
2022-12-12 CVE-2022-3946 Missing Authorization vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
network
low complexity
collne CWE-862
6.5
6.5
2022-11-18 CVE-2022-41840 Path Traversal vulnerability in Collne Welcart E-Commerce
Unauth.
network
low complexity
collne CWE-22
critical
 9.8
9.8
2020-11-07 CVE-2020-28339 Unspecified vulnerability in Collne Welcart E-Commerce
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize.
network
low complexity
collne
6.5
6.5