Vulnerabilities (CVE)

Filtered by vendor Collne Subscribe
Total 29 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41840 1 Collne 1 Welcart E-commerce 2024-02-28 N/A 9.8 CRITICAL
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
CVE-2021-20734 1 Collne 1 Welcart 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
CVE-2020-28339 1 Collne 1 Welcart E-commerce 2024-02-28 6.5 MEDIUM 8.8 HIGH
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.
CVE-2016-4827 1 Collne 1 Welcart E-commerce 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
CVE-2016-4828 1 Collne 1 Welcart E-commerce 2024-02-28 6.4 MEDIUM 6.5 MEDIUM
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.
CVE-2015-7791 1 Collne 1 Welcart 2024-02-28 6.5 MEDIUM 6.3 MEDIUM
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
CVE-2015-2973 1 Collne 1 Welcart 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php.
CVE-2016-4826 1 Collne 1 Welcart E-commerce 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
CVE-2016-4825 1 Collne 1 Welcart E-commerce 2024-02-28 6.8 MEDIUM 5.6 MEDIUM
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.