WordPress Plugin Vulnerabilities

Welcart e-Commerce < 1.5.3 - SQL Injection

Description

The Welcart e-Commerce WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
usc-e-shop
Fixed in 1.5.3

References

CVE
CVE-2015-7791
URL
https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000200.html
URL
http://www.welcart.com/community/archives/76035

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.3 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
34db603a-df80-4f74-ad49-684afedd2496

Timeline

Publicly Published
2015-12-17 (about 10 years ago)
Added
2015-12-31 (about 10 years ago)
Last Updated
2020-12-10 (about 5 years ago)

Other

Published
Title
Published
2023-07-24
Title
Quasar form <= 6.1 - Subscriber+ SQLi
Published
2024-04-12
Title
User Activity Log Pro <= 2.3.4 - Authenticated (Subscriber+) SQL Injection
Published
2025-06-19
Title
Video List Manager <= 1.7 - Authenticated (Contributor+) SQL Injection
Published
2016-06-10
Title
Search Everything < 8.1.6 - SQL Injection
Published
2025-04-07
Title
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text'