Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Collne Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-5951 1 Collne 1 Welcart 2023-12-07 N/A 6.1 MEDIUM
The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2016-4828 1 Collne 1 Welcart E-commerce 2021-09-09 6.4 MEDIUM 6.5 MEDIUM
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.
CVE-2016-4826 1 Collne 1 Welcart E-commerce 2021-09-09 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
CVE-2016-4827 1 Collne 1 Welcart E-commerce 2021-08-31 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
CVE-2016-4825 1 Collne 1 Welcart E-commerce 2021-08-31 6.8 MEDIUM 5.6 MEDIUM
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
CVE-2021-20734 1 Collne 1 Welcart 2021-06-24 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
CVE-2015-7791 1 Collne 1 Welcart 2021-06-24 6.5 MEDIUM 6.3 MEDIUM
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.