Vulnerabilities > Welcart > Welcart E Commerce > 1.5.2

DATE CVE VULNERABILITY TITLE RISK
2016-06-25 CVE-2016-4826 Cross-site Scripting vulnerability in Welcart E-Commerce
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
network
low complexity
welcart CWE-79
6.1
6.1
2016-06-25 CVE-2016-4825 Improper Input Validation vulnerability in Welcart E-Commerce
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
network
high complexity
welcart CWE-20
5.6
5.6
2015-12-29 CVE-2015-7791 SQL Injection vulnerability in Welcart E-Commerce
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
network
low complexity
welcart CWE-89
6.3
6.3