Vulnerabilities > Collne > Welcart E Commerce > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-3935 Unspecified vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
network
low complexity
collne
5.4
5.4
2022-12-12 CVE-2022-3946 Missing Authorization vulnerability in Collne Welcart E-Commerce
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
network
low complexity
collne CWE-862
6.5
6.5
2016-06-25 CVE-2016-4828 Data Processing Errors vulnerability in Collne Welcart E-Commerce
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.
network
low complexity
collne CWE-19
6.5
6.5
2016-06-25 CVE-2016-4827 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
network
low complexity
collne CWE-79
6.1
6.1
2016-06-25 CVE-2016-4826 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
network
low complexity
collne CWE-79
6.1
6.1
2016-06-25 CVE-2016-4825 Improper Input Validation vulnerability in Collne Welcart E-Commerce
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
network
high complexity
collne CWE-20
5.6
5.6