Welcart: >> Welcart E-Commerce >> 1.7.1 Security Vulnerabilities
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
CVSS Score
7.5
EPSS Score
0.861
Published
2022-11-18
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-11-07
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.
CVSS Score
6.5
EPSS Score
0.004
Published
2016-06-25
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.
CVSS Score
6.1
EPSS Score
0.004
Published
2016-06-25
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
CVSS Score
6.1
EPSS Score
0.004
Published
2016-06-25
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
CVSS Score
5.6
EPSS Score
0.065
Published
2016-06-25
Page 3