Welcart e-Commerce by Collne Inc.

Welcart e-Commerce by Collne Inc. <= 2.8.3 - Multiple Subscriber+ Stored XSS

LANACOMMONVDB ID: 1360a932-8051-42b6-86d8-8ca6ba19e9fb

The plugin does not sanitize and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting (XSS) attacks.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/usc-e-shop/

CVE: CVE-2022-3935

Attributes

Catgory: WordPress Plugin

Discovered: 2022-11-07

Published: 2022-11-21

Affected Version: <= 2.8.3

Classification

Type: Cross-Site Scripting (XSS)

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).