Welcart: >> Welcart E-Commerce >> 0.9.2 Security Vulnerabilities
The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server
CVSS Score
8.8
EPSS Score
0.006
Published
2023-12-04
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings, plugin settings, PHP settings and server settings.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-07
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders.
CVSS Score
7.5
EPSS Score
0.008
Published
2023-06-07
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-03-29
The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-01-16
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server
CVSS Score
7.5
EPSS Score
0.69
Published
2023-01-02
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-01-02
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist() functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present on the blog
CVSS Score
8.8
EPSS Score
0.005
Published
2023-01-02
The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
CVSS Score
5.4
EPSS Score
0.001
Published
2022-12-12
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-12-12