Unknown Welcart E-Commerce vulnerabilities

CVE-2023-5952 [CRITICAL] CWE-502 CVE-2023-5952: The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which cou The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog

CVE-2023-5953 [HIGH] CWE-434 CVE-2023-5953: The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server

CVE-2023-5951 [MEDIUM] CWE-79 CVE-2023-5951: The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE-2022-4655 [MEDIUM] CWE-79 CVE-2022-4655: The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortc The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack.

CVE-2022-4237 [HIGH] CWE-502 CVE-2022-4237: The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present on the blog

CVE-2022-4140 [HIGH] CWE-552 CVE-2022-4140: The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server

CVE-2022-4236 [MEDIUM] CWE-552 CVE-2022-4236: The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.

CVE-2022-3935 [MEDIUM] CWE-79 CVE-2022-3935: The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, w The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks

CVE-2022-3946 [MEDIUM] CWE-352 CVE-2022-3946: The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.