
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Nov 2023 — The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admins. The Welcart ... • https://wpscan.com/vulnerability/81dc093a-545d-4bcd-ab85-ee9472d709e5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Nov 2023 — The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. The Welcart e-Commerce plugin for WordPress is v... • https://wpscan.com/vulnerability/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7 • CWE-502: Deserialization of Untrusted Data

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2023 — Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. • https://jvn.jp/en/jp/JVN97197972 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')