Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
collne welcart e-commerce vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-3935
The Welcart e-Commerce WordPress plugin prior to 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2023-22705
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.
Collne Welcart E-commerce
8.8
CVSSv3
CVE-2020-28339
The usc-e-shop (aka Collne Welcart e-Commerce) plugin prior to 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2023-41233
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
7.2
CVSSv3
CVE-2023-50847
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a up to and including 2.9.3.
Collne Welcart E-commerce
6.1
CVSSv3
CVE-2023-43484
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated malicious user to inject an arbitrary script.
Collne Welcart E-commerce
4.3
CVSSv3
CVE-2021-4375
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated malicious users to download in...
Collne Welcart E-commerce
6.5
CVSSv3
CVE-2022-3946
The Welcart e-Commerce WordPress plugin prior to 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
Collne Welcart E-commerce
8.8
CVSSv3
CVE-2022-4237
The Welcart e-Commerce WordPress plugin prior to 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation wh...
Collne Welcart E-commerce
9.8
CVSSv3
CVE-2022-41840
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
Collne Welcart E-commerce
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »