The Welcart e-Commerce WordPress plugin before 2.8.4 lacks authorisation and CSRF checks in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/b48e4e1d-e682-4b16-81dc-2feee78d7ed0 | Exploit Third Party Advisory |
Configurations
History
14 Dec 2022, 21:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 CWE-862 | |
References | (MISC) https://wpscan.com/vulnerability/b48e4e1d-e682-4b16-81dc-2feee78d7ed0 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:* | |
First Time | Collne welcart E-commerce; Collne | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 6.5 |
12 Dec 2022, 18:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-12 18:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-3946
Mitre link : CVE-2022-3946
CVE.ORG link : CVE-2022-3946
Products Affected
collne
- welcart_e-commerce