Vulnerabilities (CVE)

Filtered by vendor Collne Subscribe
Total 29 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-4355 1 Collne 1 Welcart E-commerce 2024-11-21 N/A 7.5 HIGH
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders.
CVE-2021-20734 1 Collne 1 Welcart 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
CVE-2020-28339 1 Collne 1 Welcart E-commerce 2024-11-21 6.5 MEDIUM 7.5 HIGH
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.
CVE-2016-4828 1 Collne 1 Welcart E-commerce 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.
CVE-2016-4827 1 Collne 1 Welcart E-commerce 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
CVE-2016-4826 1 Collne 1 Welcart E-commerce 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
CVE-2016-4825 1 Collne 1 Welcart E-commerce 2024-11-21 6.8 MEDIUM 5.6 MEDIUM
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
CVE-2015-7791 1 Collne 1 Welcart 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
CVE-2015-2973 1 Collne 1 Welcart 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php.