Vulnerabilities > Collne > Welcart E Commerce > 2.8.23

DATE CVE VULNERABILITY TITLE RISK
2023-12-28 CVE-2023-50847 SQL Injection vulnerability in Collne Welcart E-Commerce
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc.
network
low complexity
collne CWE-89
7.2
7.2
2023-12-09 CVE-2023-6120 Path Traversal vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function.
network
low complexity
collne CWE-22
2.7
2.7
2023-12-04 CVE-2023-5953 Unrestricted Upload of File with Dangerous Type vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload.
network
low complexity
collne CWE-434
8.8
8.8