Welcart E Commerce
by Collne Inc.
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-4236 | | | 0.00 | — | 0.01 | | Jan 2, 2023 | The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the… |
| CVE-2022-3946 | | | 0.00 | — | 0.00 | | Dec 12, 2022 | The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. |
| CVE-2022-3935 | | | 0.00 | — | 0.00 | | Dec 12, 2022 | The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks |
| CVE-2021-20734 | | | 0.00 | — | 0.01 | | Jun 22, 2021 | Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors. |