Description

WordPress Plugin Welcart e-Commerce is prone to multiple vulnerabilities, including cross-site scripting and SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. WordPress Plugin Welcart e-Commerce version 1.3.12 is vulnerable; other versions may also be affected.

Remediation

Edit the source code to ensure that input is properly sanitised

References

http://packetstormsecurity.com/files/125513/Welcart-e-Commerce-usc-e-shop.1.3.12-XSS-SQL-Injection.html

http://secunia.com/advisories/57222/

Related Vulnerabilities

WordPress Plugin MDC YouTube Downloader Local File Inclusion (2.1.0)

WordPress Plugin Search Unleashed 'Log' Function HTML Injection (0.2.10)

WordPress Plugin Nested Pages Multiple Vulnerabilities (3.1.15)

Envoy Proxy Use After Free Vulnerability (CVE-2024-32974)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4393)

Severity

High

Classification

CVE-2014-10016 CVE-2014-10017 CWE-79 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update