E-commerce Security Vulnerabilities and Issues — E-commerce CVE List

Lucene search

WelcartE-commerce

3 matches found

CVE•added 2022/12/12 6:15 p.m.•54 views

CVE-2022-3946

The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.

6.5CVSS6.4AI score0.00076EPSS

CVE•added 2023/01/02 10:15 p.m.•42 views

CVE-2022-4236

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.

6.5CVSS6.3AI score0.00216EPSS

CVE•added 2023/12/04 10:15 p.m.•28 views

CVE-2023-5951

The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1CVSS6AI score0.00284EPSS