WordPress Plugin Vulnerabilities

Welcart e-Commerce 1.3.12 - SQL Injection

Description

The Welcart e-Commerce WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
usc-e-shop
Fixed in 1.5

References

CVE
CVE-2014-10017
URL
https://packetstormsecurity.com/files/#125513/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.0 (critical)

Miscellaneous

Original Researcher
HauntIT
Verified
No
WPVDB ID
8e987de1-b73b-400b-af15-675d7b6c20ec

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-12-10 (about 5 years ago)

Other

Published
Title
Published
2022-12-09
Title
Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi
Published
2025-03-31
Title
WP AutoKeyword <= 1.0 - Unauthenticated SQL Injection
Published
2015-09-15
Title
CP Reservation Calendar <= 1.1.6 - Unauthenticated SQL Injection
Published
2023-01-23
Title
WP Google Review Slider < 11.8 - Subscriber+ SQLi
Published
2024-07-19
Title
SEO Plugin by Squirrly SEO < 12.3.20 - Contributor+ SQL Injection via url Parameter