Vulnerabilities > Welcart

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-02	CVE-2022-4237	Unspecified vulnerability in Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present on the blog network low complexity welcart	8.8
2022-12-12	CVE-2022-3935	Unspecified vulnerability in Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks network low complexity welcart	5.4
2022-12-12	CVE-2022-3946	Missing Authorization vulnerability in Welcart E-Commerce The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. network low complexity welcart CWE-862	6.5
2022-11-18	CVE-2022-41840	Path Traversal vulnerability in Welcart E-Commerce Unauth. network low complexity welcart CWE-22 critical	9.8
2021-06-22	CVE-2021-20734	Cross-site Scripting vulnerability in Welcart E-Commerce 1.5.2 Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors. network low complexity welcart CWE-79	6.1
2020-11-07	CVE-2020-28339	Deserialization of Untrusted Data vulnerability in Welcart E-Commerce The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. network low complexity welcart CWE-502	8.8
2016-06-25	CVE-2016-4828	Data Processing Errors vulnerability in Welcart E-Commerce The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. network low complexity welcart CWE-19	6.5
2016-06-25	CVE-2016-4827	Cross-site Scripting vulnerability in Welcart E-Commerce Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. network low complexity welcart CWE-79	6.1
2016-06-25	CVE-2016-4826	Cross-site Scripting vulnerability in Welcart E-Commerce Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. network low complexity welcart CWE-79	6.1
2016-06-25	CVE-2016-4825	Improper Input Validation vulnerability in Welcart E-Commerce The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. network high complexity welcart CWE-20	5.6

Vulnerabilities > Welcart {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Welcart"}]}

Vulnerabilities > Welcart