Welcart e-Commerce by Collne Inc.

Welcart e-Commerce by Collne Inc. <= 2.8.3 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion

LANACOMMONVDB ID: 13fcf25d-6827-40c0-b358-15f52abea947

The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/usc-e-shop/

CVE: CVE-2022-3946

Attributes

Catgory: WordPress Plugin

Discovered: 2022-11-07

Published: 2022-11-21

Affected Version: <= 2.8.3

Classification

Type: Cross-Site Request Forgery (CSRF)

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).