Vulnerabilities
Vulnerable Software
The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, and has no authorisation or CSRF checks in the AJAX action handling such uploads. As a result, any authenticated user, such as a subscriber, could upload arbitrary files, such as PHP, to the server.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-12-04
Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-09-27
SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information.
CVSS Score
4.9
EPSS Score
0.004
Published
2023-09-27
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.
CVSS Score
8.8
EPSS Score
0.004
Published
2023-09-27
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-09-27
Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-09-27
Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-09-27
Welcart e-Commerce versions 2.7 to 2.8.21 allow a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
CVSS Score
7.2
EPSS Score
0.005
Published
2023-09-27
Unauthenticated reflected cross-site scripting (XSS) vulnerability in the Collne Inc. Welcart e-Commerce plugin, versions <= 2.8.10.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-03-29

