Collne Inc Welcart E-Commerce vulnerabilities

12 known vulnerabilities affecting collne_inc/welcart_e-commerce.

Total CVEs: 12
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 8

Vulnerabilities

CVE-2022-41840 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≤ 2.7.7 | 2022-11-18
[CWE-22] Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
nvd
CVE-2023-43610 | P3 | HIGH | CVSS 8.8 | versions 2.7 to 2.8.21 | 2023-09-27
[CWE-89] SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.
nvd
CVE-2023-40219 | P3 | HIGH | CVSS 7.2 | versions 2.7 to 2.8.21 | 2023-09-27
[CWE-434] Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
nvd
CVE-2023-50847 | P3 | HIGH | CVSS 7.2 | ≥ n/a, ≤ 2.9.3 | 2023-12-28
[CWE-89] Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.3.
nvd
CVE-2023-43493 | P4 | MEDIUM | CVSS 4.9 | versions 2.7 to 2.8.21 | 2023-09-27
[CWE-89] SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information.
nvd
CVE-2023-43484 | P4 | MEDIUM | CVSS 6.1 | versions 2.7 to 2.8.21 | 2023-09-27
[CWE-79] Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
nvd
CVE-2023-43614 | P4 | MEDIUM | CVSS 6.1 | versions 2.7 to 2.8.21 | 2023-09-27
[CWE-79] Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
nvd
CVE-2023-41233 | P4 | MEDIUM | CVSS 6.1 | versions 2.7 to 2.8.21 | 2023-09-27
[CWE-79] Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
nvd
CVE-2023-41962 | P4 | MEDIUM | CVSS 6.1 | versions 2.7 to 2.8.21 | 2023-09-27
[CWE-79] Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page.
nvd
CVE-2021-20734 | P4 | MEDIUM | CVSS 6.1 | versions prior to 2.2.4 | 2021-06-22
[CWE-79] Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
nvd
CVE-2023-22705 | P4 | MEDIUM | CVSS 6.1 | ≥ n/a, ≤ 2.8.10 | 2023-03-29
[CWE-79] Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.
nvd
CVE-2023-40532 | P4 | MEDIUM | CVSS 4.3 | versions 2.7 to 2.8.21 | 2023-09-27
[CWE-22] Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server.
nvd