E-commerce Security Vulnerabilities and Issues — E-commerce CVE List

Lucene search

WelcartE-commerce

4 matches found

CVE•added 2023/01/02 10:15 p.m.•66 views

CVE-2022-4140

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server

7.5CVSS7.5AI score0.69047EPSS

CVE•added 2023/01/02 10:15 p.m.•53 views

CVE-2022-4237

The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a ...

8.8CVSS8.7AI score0.00486EPSS

CVE•added 2023/01/16 4:15 p.m.•50 views

CVE-2022-4655

The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack.

5.4CVSS5.3AI score0.00113EPSS

CVE•added 2023/01/02 10:15 p.m.•42 views

CVE-2022-4236

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.

6.5CVSS6.3AI score0.00216EPSS