CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45366
https://notcve.org/view.php?id=CVE-2024-45366
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. • https://www.welcart.com/archives/22581.html https://jvn.jp/en/jp/JVN19766555 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42404 – Welcart e-Commerce <= 2.11.1 - Authenticated (Admin+) SQL Injection
https://notcve.org/view.php?id=CVE-2024-42404
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database. The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.11.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://www.welcart.com/archives/22581.html https://jvn.jp/en/jp/JVN19766555 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •