4 matches found
CVE-2023-43610
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...
CVE-2023-43610
CVE-2023-43610 is a SQL injection vulnerability in Welcart e-Commerce (WordPress plugin) affecting versions 2.7–2.8.21. The issue exists in the Order Data Edit page, allowing a user with editor-level privileges or higher to perform unintended database operations. Red Hat and JVN entries corrobora...
CVE-2023-43610
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...
JVN#97197972: Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type CWE-434 - CVE-2023-40219 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N| Base Score: 2.7 CVSS v2|...