Latest collne welcart e-commerce Vulnerabilities

CVE-2023-50847
WordPress Welcart e-Commerce Plugin <= 2.9.3 is vulnerable to SQL Injection
Collne Welcart E-commerce<=2.9.3
CVE-2023-6120
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for admini...
Collne Welcart E-commerce<2.9.7
CVE-2023-5953
Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload
Collne Welcart E-commerce<2.9.5
CVE-2023-43493
SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information.
Collne Welcart E-commerce>=2.7<=2.8.21
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
Collne Welcart E-commerce>=2.7<=2.8.21
CVE-2023-43484
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
Collne Welcart E-commerce>=2.7<=2.8.21
CVE-2023-43610
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended databas...
Collne Welcart E-commerce>=2.7<=2.8.21
CVE-2023-41962
Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page.
Collne Welcart E-commerce>=2.7<=2.8.21
CVE-2023-41233
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
Collne Welcart E-commerce>=2.7<=2.8.21
CVE-2023-40219
Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
Collne Welcart E-commerce>=2.7<=2.8.21
CVE-2021-4375
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including...
Collne Welcart E-commerce<=2.2.7
CVE-2021-4355
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() fu...
Collne Welcart E-commerce<=2.2.7
CVE-2023-22705
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.
Collne Welcart E-commerce<=2.8.10
CVE-2022-4655
The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cros...
Collne Welcart E-commerce<2.8.9
CVE-2022-4237
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could a...
Collne Welcart E-commerce<2.8.6
CVE-2022-4236
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could a...
Collne Welcart E-commerce<2.8.5
CVE-2022-3935
The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting ...
Collne Welcart E-commerce<2.8.4
CVE-2022-3946
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
Collne Welcart E-commerce<2.8.4
CVE-2022-41840
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
Collne Welcart E-commerce<2.7.8
CVE-2020-28339
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.
Collne Welcart E-commerce<1.9.36

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203