3 matches found
CVE-2022-3946
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods...
CVE-2022-3946 Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods...
CVE-2022-3946
The CVE-2022-3946 entry concerns the WordPress plugin Welcart e-Commerce (pre-2.8.4). Affected component is the AJAX action used to manage shipping methods, where lack of proper authorization and CSRF checks allows any logged-in user to create, update, or delete shipping methods due to missing ac...