Welcart: >> Welcart E-Commerce >> 2.7 Security Vulnerabilities
The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
CVSS Score
5.4
EPSS Score
0.001
Published
2022-12-12
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-12-12
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
CVSS Score
7.5
EPSS Score
0.841
Published
2022-11-18
Page 3