CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28339 – Welcart e-Commerce <= 1.9.35 - PHP Object Injection
https://notcve.org/view.php?id=CVE-2020-28339
05 Nov 2020 — The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. El plugin usc-e-shop (también se conoce como Collne Welcart e-Commerce) versiones anteriores a 1.9.36 para WordPress, permite una Inyección de Objetos debido a la función usces_unserialize. No contiene una cadena POP completa • https://wordpress.org/plugins/usc-e-shop/#developers • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4827 – Welcart e-Commerce <= 1.8.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-4827
24 Jun 2016 — Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. Vulnerabilidad de XSS en el plugin Collne Welcart e-Commerce en versiones anteriores a 1.8.3 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-... • http://jvn.jp/en/jp/JVN55826471/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4826 – Welcart e-Commerce < 1.8.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-4826
24 Jun 2016 — Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827. Vulnerabilidad de XSS en el plugin Collne Welcart e-Commerce en versiones anteriores a 1.8.3 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-... • http://jvn.jp/en/jp/JVN95082904/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4825 – Welcart e-Commerce < 1.8.3 - Object Injection
https://notcve.org/view.php?id=CVE-2016-4825
24 Jun 2016 — The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. El plugin Collne Welcart e-Commerce en versiones anteriores a 1.8.3 para WordPress permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de datos serializados manipulados. • http://jvn.jp/en/jp/JVN47363774/index.html • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4828 – Welcart e-Commerce <= 1.8.2 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2016-4828
24 Jun 2016 — The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. El plugin Collne Welcart e-Commerce en versiones anteriores a 1.8.3 para WordPress no maneja correctamente las sesiones, lo que permite a atacantes remotos obtener acceso aprovechando el conocimiento de una dirección de correo electrónico asociada a una cuenta. • http://jvn.jp/en/jp/JVN61578437/index.html • CWE-19: Data Processing Errors CWE-288: Authentication Bypass Using an Alternate Path or Channel •