CVE-2024-45366
https://notcve.org/view.php?id=CVE-2024-45366
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. • https://www.welcart.com/archives/22581.html https://jvn.jp/en/jp/JVN19766555 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-42404 – Welcart e-Commerce <= 2.11.1 - Authenticated (Admin+) SQL Injection
https://notcve.org/view.php?id=CVE-2024-42404
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database. The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.11.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://www.welcart.com/archives/22581.html https://jvn.jp/en/jp/JVN19766555 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-10017 – Welcart e-Commerce <= 2.9.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-10017
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. Múltiples vulnerabilidades de inyección SQL en el plugin Welcart e-Commerce 1.3.12 para WordPress permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro (1) changeSort o (2) switch en la página usces_itemedit en wp-admin/admin.php. The Welcart e-Commerce for WordPress is vulnerable to SQL Injection via the ‘changeSort’ and 'switch' parameters in versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. *New versions than 2.6.10 may still be vulnerable. • http://packetstormsecurity.com/files/125513 http://www.securityfocus.com/bid/65954 https://exchange.xforce.ibmcloud.com/vulnerabilities/91542 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-10016 – Welcart e-Commerce <= 1.3.12 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-10016
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an add_delivery_method action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de XSS en el plugin Welcart e-Commerce 1.3.12 para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) vectores no especificados relacionados con purchase_limit o del parámetro (2) name, (3) intl, (4) nocod, o (5) time en una acción add_delivery_method en wp-admin/admin-ajax.php. • http://packetstormsecurity.com/files/125513 http://secunia.com/advisories/57222 http://www.securityfocus.com/bid/65954 https://exchange.xforce.ibmcloud.com/vulnerabilities/91541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-5177 – Welcart e-Commerce < 1.2.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5177
Cross-site scripting (XSS) vulnerability in the Welcart plugin before 1.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el plugin Welcart antes de v1.2.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN18731696/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000108 http://www.welcart.com/community/archives/4524 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •