- Lana Codes
- Common Vulnerabilities
Welcart e-Commerce by Collne Inc. <= 2.8.3 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion
LANACOMMONVDB ID: 13fcf25d-6827-40c0-b358-15f52abea947
The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
You must be log in to view vulnerability details.
Or register a new account.