Filtered by vendor Welcart
Subscribe
Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-10016 | 1 Welcart | 1 E-commerce | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an add_delivery_method action to wp-admin/admin-ajax.php. | |||||
| CVE-2022-4237 | 1 Welcart | 1 Welcart E-commerce | 2025-04-10 | N/A | 8.8 HIGH |
| The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present on the blog | |||||
| CVE-2022-4236 | 1 Welcart | 1 Welcart E-commerce | 2025-04-10 | N/A | 6.5 MEDIUM |
| The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server. | |||||
| CVE-2022-4140 | 1 Welcart | 1 Welcart E-commerce | 2025-04-10 | N/A | 7.5 HIGH |
| The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server | |||||
| CVE-2022-4655 | 1 Welcart | 1 Welcart E-commerce | 2025-04-04 | N/A | 5.4 MEDIUM |
| The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. | |||||
| CVE-2025-0511 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 7.2 HIGH |
| The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2022-41840 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 7.5 HIGH |
| Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. | |||||
| CVE-2023-43614 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2023-43484 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2023-43493 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 4.9 MEDIUM |
| SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information. | |||||
| CVE-2023-40219 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 7.2 HIGH |
| Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. | |||||
| CVE-2023-43610 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations. | |||||
| CVE-2023-22705 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions. | |||||
| CVE-2023-41962 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. | |||||
| CVE-2020-28339 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | 6.5 MEDIUM | 7.5 HIGH |
| The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. | |||||
| CVE-2023-41233 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2023-5952 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 9.8 CRITICAL |
| The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog | |||||
| CVE-2023-5951 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | N/A | 6.1 MEDIUM |
| The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2021-20734 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors. | |||||
| CVE-2024-32144 | 1 Welcart | 1 Welcart E-commerce | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14. | |||||