Filtered by vendor Collne
Filtered by product Welcart E-commerce
Total: 25 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-4140 | 1 Collne | 1 Welcart E-commerce | 2024-08-03 | 7.5 High |
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow an unauthenticated attacker to read arbitrary files on the server. | ||||
CVE-2022-3946 | 1 Collne | 1 Welcart E-commerce | 2024-08-03 | 6.5 Medium |
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF checks in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. | ||||
CVE-2022-3935 | 1 Collne | 1 Welcart E-commerce | 2024-08-03 | 5.4 Medium |
The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2023-22705 | 1 Collne | 1 Welcart E-commerce | 2024-08-02 | 7.1 High |
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin versions <= 2.8.10. | ||||
CVE-2023-5953 | 1 Collne | 1 Welcart E-commerce | 2024-08-02 | 8.8 High |
The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, and does not have authorisation and CSRF checks in the AJAX action handling such uploads. As a result, any authenticated user, such as a subscriber, could upload arbitrary files, such as PHP, to the server. | ||||