Vulnerabilities > Welcart > Welcart E Commerce > 1.5.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-25 | CVE-2016-4826 | Cross-site Scripting vulnerability in Welcart E-Commerce Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. | 6.1 |
2016-06-25 | CVE-2016-4825 | Improper Input Validation vulnerability in Welcart E-Commerce The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. | 5.6 |
2015-12-29 | CVE-2015-7791 | SQL Injection vulnerability in Welcart E-Commerce Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter. | 6.3 |