VYPR

Welcart E Commerce

by Collne Inc.

CVEs (24)

  • CVE-2022-4236Jan 2, 2023
    risk 0.00cvss epss 0.01

    The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the…

  • CVE-2022-3946Dec 12, 2022
    risk 0.00cvss epss 0.00

    The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.

  • CVE-2022-3935Dec 12, 2022
    risk 0.00cvss epss 0.00

    The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks

  • CVE-2021-20734Jun 22, 2021
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Page 2 of 2