Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Welcart_e\-Commerce
(Collne)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-06-25 | CVE-2016-4828 | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. | Welcart_e\-Commerce | 6.5 | ||
| 2016-06-25 | CVE-2016-4826 | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. | Welcart_e\-Commerce | 6.1 | ||
| 2016-06-25 | CVE-2016-4825 | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. | Welcart_e\-Commerce | 5.6 | ||
| 2016-06-25 | CVE-2016-4827 | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. | Welcart_e\-Commerce | 6.1 | ||
| 2020-11-07 | CVE-2020-28339 | The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. | Welcart_e\-Commerce | 8.8 |