Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Welcart_e\-Commerce
(Collne)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-27 | CVE-2023-43484 | Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | Welcart_e\-Commerce | 6.1 | ||
| 2023-09-27 | CVE-2023-43614 | Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | Welcart_e\-Commerce | 6.1 | ||
| 2023-09-27 | CVE-2023-43493 | SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information. | Welcart_e\-Commerce | 4.9 | ||
| 2023-09-27 | CVE-2023-43610 | SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations. | Welcart_e\-Commerce | 8.8 | ||
| 2022-11-18 | CVE-2022-41840 | Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. | Welcart_e\-Commerce | 9.8 | ||
| 2016-06-25 | CVE-2016-4828 | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. | Welcart_e\-Commerce | 6.5 | ||
| 2016-06-25 | CVE-2016-4826 | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. | Welcart_e\-Commerce | 6.1 | ||
| 2016-06-25 | CVE-2016-4825 | The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. | Welcart_e\-Commerce | 5.6 | ||
| 2016-06-25 | CVE-2016-4827 | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. | Welcart_e\-Commerce | 6.1 | ||
| 2020-11-07 | CVE-2020-28339 | The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. | Welcart_e\-Commerce | 8.8 |