CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Nov 2023 — The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The Welcart ... • https://wpscan.com/vulnerability/81dc093a-545d-4bcd-ab85-ee9472d709e5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Nov 2023 — The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. The Welcart e-Commerce plugin for WordPress is v... • https://wpscan.com/vulnerability/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7 • CWE-502: Deserialization of Untrusted Data

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2023 — Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. • https://jvn.jp/en/jp/JVN97197972 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Jun 2021 — Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors. • https://jvn.jp/en/jp/JVN70566757/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2015 — Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter. • http://jvn.jp/en/jp/JVN43344629/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jul 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php. • http://jvn.jp/en/jp/JVN97971874/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')